Month: July 2017

What you need to know about malware

You’ve all heard of viruses, spyware, ransomware and trojans. But did you know that they’re all types of malware? They’re all designed to ruin your digital life, but different types of malware put your computer at risk in different ways. Understanding what sets them apart can keep your business guarded.

Viruses

Once created to annoy users by making small changes to their computers, like altering wallpapers, this type of malware has evolved into a malicious tool used to breach confidential data. Most of the time, viruses work by attaching themselves to .exe files in order to infect computers once the file has been opened. This can result in various issues with your computer’s operating system, at their worst, rendering your computer unusable.

To avoid these unfortunate circumstances, you should scan executable files before running them. There are plenty of antivirus software options, but we recommend choosing one that scans in real-time rather than manually.

Spyware

Unlike viruses, spyware doesn’t harm your computer, but instead, targets you. Spyware attaches itself to executable files and once opened or downloaded, will install itself, often times completely unnoticed. Once running on your computer, it can track everything you type, including passwords and other confidential information. Hackers can then use this information to access your files, emails, bank accounts, or anything else you do on your computer.

But don’t panic just yet, you can protect yourself by installing anti-spyware software, sometimes included in all-purpose “anti-malware” software. Note that most reputable antivirus software also come bundled with anti-spyware solutions.

Adware

Are you redirected to a particular page every time you start your browser? Do you get pop ups when surfing the internet? If either situation sounds familiar, you’re likely dealing with adware. Also known as Potential Unwanted Programs (PUP), adware isn’t designed to steal your data, but to get you to click on fraudulent ads. Whether you click on the ad or not, adware can significantly slow down your computer since they take up valuable bandwidth. Worse still, they’re often attached with other types of malware.

Some adware programs come packaged with legitimate software and trick you into accepting their terms of use, which make them especially difficult to remove. To eradicate adware, you’ll need a solution with specialized adware removal protocols.

Scareware

This type of malware works like adware except that it doesn’t make money by tricking you into clicking on ads, but by scaring you into buying a software you don’t need. An example is a pop up ad that tells you your computer is infected with a virus and you need to buy a certain software to eliminate it. If you fall for one of these tactics and click on the ad, you’ll be redirected to a website where you can buy the fake antivirus software.

Scareware acts more like a diversion from the other malware that often comes with it. A good antivirus solution will help scan for scareware too, but you should patch your operating systems regularly just to be safe.

Ransomware

Ransomware has become increasingly common and hostile. It encrypts your computer files and holds them hostage until you’ve paid a fee for the decryption code. Because ransomware comes with sophisticated encryption, there aren’t many options unless you have backups of your data.

There are some tools that can protect against ransomware but we recommend that you backup your data and practice safe web browsing habits.

Worms

Similar to viruses, worms replicate themselves to widen the scope of their damage. However, worms don’t require human intervention to replicate themselves as they use security flaws to transmit from one computer to the next, making them far more dangerous than your typical virus. They often spread via email, sending emails to everyone in an infected user’s contact list, which was exactly the case with the ILOVEYOU worm that cost businesses approximately $5.5 billion worth of damage.

The easiest ways to protect your network from worms is to use a firewall to block external access to your computer network, and to be careful when clicking on unknown links in your email or unknown messages on social media.

Trojans

Usually downloaded from rogue websites, Trojans create digital backdoors that allow hackers to take control of your computer without your knowledge. They can steal your personal information, your files, or cause your computer to stop working. Sometimes hackers will use your computer as a proxy to conceal their identity or to send out spam.

To avoid trojan attacks, you should never open emails or download attachments from unknown senders. If you’re skeptical, use your antivirus software to scan every file first.

In order to keep malware at bay, you need to invest in security solutions with real-time protection and apply security best practices within your office. If you have any questions or concerns, or simply need advice on how to strengthen your business’s security, just give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org. Source.

Old Mac malware gets a facelift

In yet another sign that Apple computers are no longer being ignored by hackers, a successful piece of Windows-based malware has been rewritten for MacOS. Instead of encrypting data and holding it for ransom, OSX.Dok skips the extortion and simply steals your bank account information. Read on to learn what you can do to prevent an infection.

OSX.Dok isn’t new, but it has been improved

Originally, this Mac-based malware looked very different. When OSX.Dok was first reported several months ago, it could infect only older versions of the Apple operating system. Besides being relegated to OS X, it didn’t do much more than simply spy on the internet history of its victims. More recently, however, OSX.Dok was updated to target the newer macOS and to steal banking information.

How does it work?

Like so many malware programs today, this particular threat is distributed via phishing emails. Because the end goal is to acquire private financial information, these emails pretend to have pressing information about taxes or bank statements stored in attachments that actually contain malicious software.

Once any of these attachments are opened, OSX.Dok secretly broadcasts information about the computer and its location to the malware’s authors. Based on that information, hackers can redirect victims that visit banking websites to copycat URLs tailored to their language and location. Almost everything on the copycat sites looks exactly the same, but when you submit your user ID and password, they go straight to hackers.

Worst of all, the latest version of this malware seems to be incredibly advanced. It actively changes the way it hides itself and even modifies system settings to keep the computer from checking for operating system and security updates.

What can I do?

Security experts are still working on a way to combat OSX.Dok, but believe that it will remain a problem for some time to come. For now there are a few things you can do:

Never open attachments from people you don’t know personally, and even then be wary of anything you weren’t expecting.
Pay attention to little details. For example, copyright dates at the bottom of fake banking sites only went to 2013.
Look closely at the lock to the left of URLs in your address bar. Fake websites may have security certificates with names slightly different from those of the sites they mimic.

The best way to stay ahead of threats like OSX.Dok is by partnering with a capable IT provider. That way you can be sure that you have all the latest software and hardware to keep you safe. Even if something managed to slip through, regular audits are sure to find infections sooner than an overburdened in-house team would. Call us today to find out how we can protect you!

Published with permission from TechAdvisory.org. Source.

Google launches new Backup and Sync app

Employees don’t usually prioritize managing files and photos because they can be tedious and time-consuming. Those who have to deal with a high volume of files and photos across different devices often depend on the auto-sync functions of Google Drive or do manual backups on external drives or SD cards. With Google’s nifty new application, managing files and photos is more seamless.

Seamless backups and syncing

Google’s new application, Backup and Sync, allows both PC and Mac users to seamlessly back up files, photos, and video files from various devices, SD cards, and USB drives in Google Drive or Google Photos.

To use the app, download and install it on your Mac or your Windows computer, sign in with your Google account, select your sync settings, and choose the folders you wish to back up. If you’re uploading photos or videos, you can choose between High or Original quality upload size. And if you want to upload photos only, you have the option to upload to Google Photos.

Once you’re done setting up, a folder will be created on your computer where files can be saved and accessible anywhere via the cloud. Any file dropped into this folder will automatically sync to Google Drive.

Benefits and downside

Although Backup and Sync is free, you can store only up to 15 GB of data. But if you want to exceed the limit, simply upgrade your Google Drive storage. That said, this new tool is valuable because it simplifies the backup process.

The app is especially beneficial to businesses because it’s easy to set up and requires minimal effort from users. It’s also useful to companies with remote work policies; employees can simply drag and drop files into their computer’s folder and access them anywhere from any device.

Backup and Sync not only gives your business greater flexibility by providing anytime-anywhere access to your files, but it also helps keep them safe and sound in the cloud. If you want to explore other productivity tools for your business, get in touch with us today.

Published with permission from TechAdvisory.org. Source.

How to secure your IoT devices

More firms are using the Internet of Things (IoT) to create new business opportunities. For instance, companies that install smart sensors can automate data entry and monitor their inventory. However, if left unsecured, IoT devices also give hackers an opportunity to breach your network. In order to keep attackers at bay, we advise you take the following precautions with your IoT devices.

Set passwords
Many often forget they can set passwords for IoT devices. When this happens, they tend to leave their gadgets with default passwords, essentially leaving the door open for hackers. Make sure to set new and strong passwords — preferably with a combination of upper and lower case letters, numbers, and symbols — for each device connected to your network. Then, use a password manager to securely keep track of all your passwords.

Disable Universal Plug and Play (UPnP)
UPnP is designed to help IoT gadgets discover other network devices. However, hackers can also exploit this feature to find and connect to your IoT devices. To prevent them from getting to your network, it’s best to disable this feature completely.

Create a separate network
When you’re dealing with IoT devices, it’s wise to quarantine them in a separate network unconnected to your main office network. By doing this, user gadgets will still have access to the internet but won’t be able to access mission-critical files.

You should also consider investing in device access management tools. These allow you to control which devices can access what data, and prevent unauthorized access.

Update your firmware
If you want to keep your devices secure against the latest attacks, then you need to keep your IoT software up to date. Security researchers are always releasing security patches for the most recent vulnerabilities, so make it a habit to regularly check for and install IoT firmware updates. If you have several gadgets to secure, use patch management software to automate patch distribution and set a schedule to check for updates monthly.

Unplug it
Disconnecting your IoT devices from the internet (or turning them off completely) whenever you don’t need them significantly reduces how vulnerable you are to an attack. Think about it, if there’s nothing to target, hackers won’t be able to make their move. Turning your IoT devices on and off again may not seem like the most convenient strategy, but it does deny unauthorized access to your router.

Unfortunately, as IoT devices become more commonplace in homes and offices, more hackers will develop more cunning ways to exploit them. Getting into the above mentioned security habits can protect you from a wide variety of IoT attacks, but if you really need to beef up your security, then contact us today. We have robust security solutions that keep your hardware safe.

Published with permission from TechAdvisory.org. Source.

New Microsoft Workplace Analytics

Workplace Analytics is a program that helps managers determine staff productivity levels using data gathered from their email, calendar, documents, and other applications within Office 365. Previously, Microsoft’s MyAnalytics allowed only employees to view their individual data, but with this updated version, managers now have access to this data, too.

How it works

Now available as an add-on to Office 365 enterprise plans, Workplace Analytics extracts behavioral insights from data gathered from Office 365 email, calendar, documents, and Skype. This means that any data an employee types into their email and calendar — whether it’s on the subject line or the main content itself — can be used to indicate their productivity status.

The program has an overview dashboard that provides specific information:

  • Week in the Life provides an overall view of how the entire organization spends time and how members collaborate
  • Meetings shows the amount of time spent in meetings
  • Management and Coaching gauges staff-manager one-on-one meetings
  • Network and Collaboration takes a look at how employees connect to colleagues

What does it aim to do?

Workplace Analytics aims to address what, according to Microsoft, are businesses’ most common challenges: complexity, productivity, and engagement.

Using Analytics data, managers and human resources departments can form productivity strategies for the entire company. If, based on Workplace Analytics data, a majority of your employees are spending 60% of their time attending meetings and not enough time doing creative work, they can come up with a strategy that reduces meeting time and focuses more on productive tasks.

It also identifies how employees collaborate with internal and external parties. Suppose one of your sales staff frequently communicates with certain contacts. By using Workplace Analytics data, the employee’s manager would be able to determine whether this particular collaboration pattern is helping the employee hit sales targets or whether he or she is missing out on other more critical contacts. Also, based on this info, managers would be able to determine which employees are most likely to meet or exceed their targets and set company-wide standards accordingly.

Data gathered by Workplace Analytics also allows managers to determine an employee’s level of engagement (i.e., whether the organization’s collaboration patterns are good for the company) and whether workloads are fairly distributed among workers and/or departments.

Is it useful for small businesses?

Large corporations have been using Workplace Analytics, but small businesses can also benefit from it. For one, the data used to provide the insights are all based on data generated by employees themselves — how much time they spend on meetings, whom they frequently communicate with, and how much time they spend on productive tasks.

Aside from letting managers examine their staff’s working behavior, Workplace Analytics also provides an overall look into what happens at an organizational level. If you want your organization to harness the capabilities of Workplace Analytics and other Office 365 tools, give us a call today.

Published with permission from TechAdvisory.org. Source.

How Windows 10 plans to defeat ransomware

The recent WannaCry and Petya ransomware attacks have caused massive disruptions for Windows users. Although ransomware infection has slowed down in the past few weeks, many experts are saying that this is only just the beginning. Soon, newer and far more dangerous strains of malware will be developed. To help people defend against these threats, Microsoft has released new security features.

Controlled folders
With Microsoft’s new Controlled folders access feature, you can list certain documents and folders as “protected.” Only whitelisted apps can access and edit these folders, while any attempted changes by malicious apps are simply blocked by Windows Defender.

In theory, this should slow down a ransomware’s ability to encrypt critical information. Some reports suggest that other threats like malicious file macros and viruses can be prevented by this feature.

So far, only Windows Insider users have access to controlled folders. But if you’ve already signed up, you can access the feature by going to Windows Defender Security Center and then enabling Controlled folder access. From here, you can choose which folders will be protected and what apps are allowed to access them. To save you time, common Microsoft applications are trusted automatically, but you can remove them from your whitelist whenever you want.

Application Guard
Apart from folder protection, Microsoft also made security enhancements for web browsers. The Windows Defender Application Guard is designed to prevent intrusions, using Microsoft’s Hyper-V virtual machine technology to detect and isolate compromised applications from the rest of your system. So if someone accidentally downloads a virus from their web browser, Application Guard will contain the threat before it infiltrates the rest of your company’s devices, apps, data, and network.

Device Guard
In a similar vein, the Device Guard feature, which is also found in the Windows Defender Security Center, minimizes computer exposure to malware by using advanced threat detection policies to make sure only approved code is running throughout the system. This is meant to add an extra layer of defense in between your firewall and antivirus software.

As mentioned, Windows Insider users can get early access to these security features, but if you want to make sure that these security features are as strong as they can be, we suggest you wait for their public release around September for the Fall Creators update.

Want to stay on top of the latest technologies that can help you beat ransomware, viruses, and other nasty cyberattacks? Contact us today for any security updates and advice.

Published with permission from TechAdvisory.org. Source.

Why Nyetya is more threatening than WannaCry

The WannaCry ransomware, which infected 200,000 business globally and made over $100,000 in ransom payments, is said to be one of the worst cyber attacks in history. However, a new ransomware strain named Nyetya is shaping up to be a more formidable security threat. It has already affected businesses globally, and security firms and researchers believe it to be stealthier and more sophisticated than WannaCry.

Worse than WannaCry

Nyetya is deemed worse than WannaCry mainly because it spreads laterally, meaning it targets computers within networks and affects even systems that have been patched. Because it also spreads internally, it needs to infect only one device to affect several others within a single network.

Cyber researchers trace its origins to a tax accounting software called MEDoc, which infected 12,500 systems in Ukraine. Since the initial infections in June, it has spread to thousands of networks in 64 countries. And although it hasn’t spread as fast as WannaCry, it might have a wider reach soon because it uses three attack pathways to infect a system. It hasn’t made as much money as WannaCry, which is why cyber researchers are concluding that the attacks are not economically motivated.

Don’t pay the ransom

Cyber security firms and researchers strongly recommend affected businesses to avoid paying the ransom. According to them, paying the ransom would be a waste since the infected user won’t be able to receive a decryption key to unlock their files or systems. This is because the email provider has blocked the email address on the ransomware message.

Although it operates like a ransomware — locking hard drives and files and demands a $300 ransom in Bitcoin — it functions more as a wiperware that aims to permanently wipe out data and/or destroy systems. So far, it has affected big-name multinationals in various industries, including Merck, Mondelez International, and AP Moller-Maersk, among others.

Perform backups and update outdated security patches

The only way businesses can be protected is by performing backups and staying on top of patch updates.

It’s safe to say that in case of a Nyetya attack, there’s no chance of getting back your data. In such a scenario, you would have only your backup files — whether on an external storage or in the cloud — to fall back on. But backing up is not enough; you should also ensure that your backups are working, which you can do by testing them regularly. Given the nature of Nyetya, you should also make sure that your backups are stored off-site and disconnected from your network.

Like its predecessor, Nyetya exploited vulnerabilities in unpatched Microsoft-run computers. As a business owner, make it a part of your cyber security routine to update your systems with the latest security patches, or risk having your files or systems permanently corrupted.

As a business owner whose operations’ lifeline depends on critical files, your backups are your insurance. If your systems’ network security needs another layer of protection, get in touch with us today.

Published with permission from TechAdvisory.org. Source.

macOS High Sierra’s new features

High Sierra — Mac’s first full OS upgrade since Snow Leopard in 2009 — has finally been released as public beta. But users who expect shiny new features might feel slightly disappointed as the new OS’ most useful updates are actually under the hood. To that end, let’s take a look at what’s new in macOS High Sierra.

Photos

Photos gets the most visual upgrade designed to improve user experience especially for those with numerous pictures to browse through. The toolbar has been revamped and is now customizable, allowing you to re-order sections. Media is now organized by content type, like Bursts, Live Photos, Panoramas and more.

Apple has also brought in a new editing tool with plenty of filters and basic photo-editing features like Curves, a color adjusting tool, and Selective Color, a dropper tool that allows you to choose a certain color and manipulate it according to its hue, saturation, etc. What’s more, if you’re already using other photo-editing software like Photoshop or Pixelmator, you’ll now be able to open images on those programs directly through Photos. No more going back and forth over importing images.

High Sierra’s new editing tools will also be available in the iPhone’s Live Photo feature, allowing you to crop and adjust the color of animated images in the toolbar.

Safari

Safari’s settings now feature a Website pane that allows you to customize the way you interact with different sites. You can make a site always appear in Reader Mode, shut off autoplay, apply content blockers, and more.

But the real excitement comes with Intelligent Tracking Prevention, a new feature that uses machine learning to remove cross-site tracking. This is ideal for sites with annoying tracking tendencies and eliminates things like advertising cookies, so the things you shopped for don’t follow you to every site you visit.

Useful contextual information, however, is saved for pages you actually visit so not all will be lost. This feature is activated by default but you can disable it in Safari’s settings.

New file system

Introduced at the last WWDC, Apple’s new file system, known as Apple File System (APFS), is finally seeing the light of day with High Sierra. Apple claims that APFS is a crucial component in making High Sierra its fastest operating system ever.

What’s so special about APFS? Speed, efficiency, and security. Copying large files now runs almost instantly on Apple File, plus it supports far more files than ever, letting you put nine quintillion of them onto a single volume. It’s also backwards compatible with all of your current formatted drives and features multikey encryption that integrates with all of your Apple devices.

Be warned that installation could take some time. This is because High Sierra is converting your boot drive to support the new file system. While Apple is confident that all your files will be intact, we recommend you conduct a full system backup prior to installation just to be on the safe side.

Other minor upgrades

  • Siri: You can expect a new voice for Siri just in time for the arrival of Apple’s HomePod, the company’s take on smart home assistants.
  • Metal 2: Apple’s graphics API gets VR and external GPUs support.
  • Mail: Messages are compressed differently to ensure they use up to 35 percent less space than before.
  • Spotlight: Finder’s built-in search now features flight tracking (also added to Safari). Just type in a flight number and it will provide relevant information like status, delays, gates, etc.
  • FaceTime: You can now snap a Live Photo-style moving screenshot of your conversation with another person while FaceTiming.
  • Messages: Conversations are now automatically stored in iCloud to improve syncing across Apple devices and free up local storage space.

While macOS High Sierra might not be the most exciting upgrade in Apple history, it’s an imperative one focused on refining an existing product, one that builds a solid foundation for Apple’s future technology. If you’d like to know more about other Apple products and how they can drive value for your business, just give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org. Source.

Automate mundane emails to get more done

Everyone wishes there were more minutes in a day. Between repetitive emails and seemingly endless meetings, it’s hard to find time for important tasks. Thanks to the increasing affordability of enterprise-level IT however, SMBs can start getting at least half of those problems under control with email automation.

What is email automation?

Usually included in customer relationship management (CRM) software, email automation centers around the idea of combining your business data into emails to customers and prospects. This allows you to draft templates with placeholders for names, addresses, and other variables that the platform will match with individuals from your email list.

Even better however, is personalizing how and when your emails go out to clients. Automatically inserting customer data into an email is great, but it still requires that you draft the content that surrounds it and hit Send. Email automation grants you the ability to create templated emails that are automatically merged with client data and sent when certain conditions are met.

Examples of email automation

To really get an idea of how valuable this solution is, it’s important to see what it looks like in action. Say you own an eCommerce site that sells complementary goods, like golf clubs and golf balls. You could create a campaign wherein anytime someone buys a set of clubs, pre-written emails automatically go out one month later on how high-quality golf balls improve your handicap.

You’re not limited to two-step workflows either. Take a look at this example:

  • Step 1: Send a personalized email with a special offer on golf balls for existing customers.
  • Step 2: Send a follow-up based on how customers interacted with the offer email:
    • If a customer cashed in the offer, send a thank you email.
      • Step 3: Follow it up with a similar offer three months later.
    • If a customer visited the promo page but didn’t convert, send a promo email for another type of product, like golf bags.
      • Step 3: Follow it up with either a thank you email or another promo for golf clothes.
    • If a customer didn’t even open the email, send a survey email asking about their interests.
      • Step 3: Follow it up with email campaigns based on what they selected.

Email automation means there’s no need to micromanage your customer relationships. As long as you define the path to purchase for high-volume products, you can program workflows to nurture customers and prospects automatically.

For as little as a couple hundred bucks a month, your customer outreach campaigns can compete on the same level as your corporate counterparts with little effort from your team. Add in an expert IT provider and you have the ability to blow the competition out of the water. To learn more, contact us today!

Published with permission from TechAdvisory.org. Source.

How thin and zero clients save money

Businesses are always looking for ways to cut costs without sacrificing growth. For the longest time, many believed that they had to purchase workstations with its own processing power, RAM, and hard drive. But thanks to virtualization, companies can save money and get the computing processes they need with thin and zero clients.

What are thin and zero clients?
Thin clients are stripped-down computers with minimum processing power and memory. They rely on a basic operating system and a network connection to access a more powerful system where almost all computing processes take place.

Zero clients work the same way. The only difference is that there’s no local storage or operating system installed on the device; all the software, storage, and processing power sits on a server until you need it. This setup makes it ideal for cutting costs, and here’s why.

Reduced hardware costs
When it comes to upfront costs, thin and zero clients are the obvious choice. Conventional desktops start at $300 per user, while thin clients can go for as low as $90 per user. And since they have no hard drive or other moving parts, lean devices tend to be more durable and have a longer lifespan than their traditional counterparts.

Simplified IT management
Another benefit of thin clients is that they can be managed from a server. Suppose a new software update was released. Instead of manually downloading the patch on each computer, you can simply install the update on your server and roll it out to all thin clients. Apart from upgrades, you can make backups, security configurations, and application deployments in the data center. This quickens setup, reduces downtime, and increases employee productivity.

Minimized security risks
Thin clients also help you avoid costly malware attacks and data breach incidents. Your employees and poorly managed endpoints are the biggest vulnerabilities with traditional desktops. Thin and zero clients reduce these problems by limiting direct access to the operating system. This prevents employees from copying sensitive data to removable media and installing software, malicious or otherwise.

If your thin client is damaged or corrupted, you don’t have to worry about your data, as it’s originally stored in an impenetrable server.

Decreased energy consumption
Because processing is done locally, traditional desktops generate a lot of heat and require more power, which results in huge power and cooling bills at the end of the month. By contrast, thin and zero clients consume only 4-6.5 watts of power, almost 1/50th of thick client requirements. What’s more, they require little to no cooling, allowing you to enjoy significant cost savings.

When looking for cost-cutting solutions, thin and zero clients should never be overlooked. The reduced hardware costs, power bills, and security risks are just too good to pass up. But if you’re still unsure about this technology, give us a call. We’ll assess your tech needs and determine whether or not thin or zero clients can help you succeed.

Published with permission from TechAdvisory.org. Source.