In this video interview, you'll hear from Managed Solution's Virtual CIO Tony Pecora and learn more about what it means to have a modern workplace to support your remote workforce. Tony's vast knowledge is a perfect blend of business and IT and has helped clients save over $250,000 annually with his recommendations when evaluating and optimizing IT. Tony discusses why a modern workplace is so important, especially today, and the effectiveness and benefits of a modern workplace. He addresses what business leaders need to understand about technology to support their new remote workforce and what to consider when looking at a digital transformation, which many of us now find ourselves in.

What is a modern workplace?

It's always evolving and changing, but it's using digital information aids and adapting them to your workplace to modernize it. It's less about brick and mortar and more about achieving company goals no matter where you are or what time it is. You can get tasks completed whenever, wherever, and not just inside office walls.

What is the effectiveness of a modern workplace while working from home?

The benefit with the remote workforce is the time you save when you work remotely. That's that much more time you can assist on client escalations (as a tech team). There are just so many monetary and efficiency benefits, plus, of course, the work-life balance. The thing is, IT will never be an 8-5, Monday to Friday job, so work-life balance is so important to technical teams. The ability to have some flexibility and have a break in the day is really nice, and then you get back to work in "off hours" to tend to things like server reboots, etc., so as not to disrupt the client.

How important is it for leaders to understand the technology in their business?

As a leader, ask yourself, what is possible with the infrastructure you currently have? Then re-evaluate your existing infrastructure. People weren't necessarily ready for a modern workplace but evaluating what you have and optimizing it can save you a lot of money, rather than just adding new things.

What should leaders consider when looking at digital transformation?

Your backbone or structure is most important on how you connect to the internet in addition to voice dialing on your phone. If you don't have internet or internet-enabled devices, you really limit what you can do as a business. Sometimes having a backup as well. It needs to handle the bandwidth. It's not just about plugging in a router. Location matters, what kind of service is available in that location. Core infrastructure including firewall and router and switches that protects you from the outside world are all things that need to be considered. Basically, what do you need to connect to, how do I connect to it, what is the amount, and is it scalable? Then we can formulate a plan for the best connection & user experience.  When you look at enterprise companies with 1000 people - the question is why do you need all of the employees to come into the office? Is it compliance or legal reasons? Have you evaluated the cloud? Should we move it and host externally? Are your employees just using email, file sharing? Do they need some sort of security clearance so that they can only access certain files when connected to the company network?

What about a hybrid environment?

Businesses may consider a hybrid environment, especially with email. Email sitting in-house becomes really expensive and if there's a breakdown with the server, all email is down so we'll see clients move their email to the cloud as one of the first things to go to the cloud.

What's changed about IT support and how you lead your team since COVID-19 and the shift to fully remote?

Onsite support has become remote. It's important that we help people in the experience that they're having. We want to remote in to experience what they're dealing with, whether it's spotty internet, a hotel room where you're 3 floors from the router, etc. Just because we're not on-site doesn't mean we can't experience what they're experiencing. While remote, it's important to have more cadence than you're used to as a manager or department head. Your team is going through something totally new. Your IT team was supporting the 7-9% of the company that was previously remote and now you have to support 97% of the company. In many cases, a lot of companies didn't prepare for this, but it still needs to be addressed. So it's important to have regular communication to have a close handle on what's going on.

As written by Rob Walker.

Employee behavior is considered one of the main reasons why phishing attacks can be effective. With proper education your staff can be made aware of how to spot phishing attacks and stop them in their tracks.

Red Flags

Alert your staff to look for these red flags when they receive e-mails that are requesting some form of payment, account password authentications, or account deletions:

  • Be aware of spam and adopt special cautions for emails that:
    • Request confirmation of personal or financial information with high urgency.
    • Request quick action by threatening the user with frightening information.
    • Are sent by unknown senders.

Tips & Ground Rules

Alert your staff to follow these rules when it comes to suspicious activity:

  • Never divulge personal or financial information via phone, email, or on unsecure websites.
  • Do not click on links, download files, or open email attachments from unknown senders.
  • Be sure to make online transactions only on websites that use the https protocol -- look for a sign that indicates that the site is secure (e.g., a padlock on the address bar).
  • Beware of links to web forms that request personal information, even if the email appears to come from a legitimate source. Phishing websites are often exact replicas of legitimate websites.
  • Beware of pop-ups; never enter personal information in a pop-up screen or click on it.
  • Beware of emails that ask the user to contact a specific phone number to update the user's information as well.

In addition to these tips, it could be a good idea to put Microsoft Defender to use company-wide. It is a part of Office 365 that can protect your staff from emails with malware attached as well as unsafe links embedded in emails.

Certified Security Awareness Training

It is also a good idea for you to obtain certified security awareness training. A reputable company that provides this service is KnowBe4 and they provide the following:

  • Old School Security Awareness Training Doesn’t Cut It Anymore: Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks.
  • Baseline Testing: testing to assess the “phish-prone” percentage of your users through a free simulated phishing attack.
  • Train Your Users: The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.
  • Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
  • See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management.

Educating your staff is key. They are often the only line of defense when it comes to sophisticated phishing attacks. Contact us to learn more about getting your users fortified with the knowledge and support they need.

If you’d like to read more on phishing and cyber security, read our blog on How to Prevent, Detect, and Protect Yourself from Phishing Attacks.


Security issues are becoming an ever-growing concern across the digital landscape. As such, numerous security solutions have been developed as a means of counteracting these threats. Unfortunately, between leveraging these solutions, configuring their controls, and a lack of knowledge around those controls, many security teams are having difficulty balancing security and productivity while remaining on top of developing trends.

With Microsoft Secure Score, however, companies can have far better control and visibility over their security posture. The platform offers integration with other Microsoft products, Microsoft 365 identities, data, apps, devices, and infrastructure. It also provides a comparison score to other companies and score tracking, taking into account when third-party solutions tackle recommended solutions.

Microsoft Secure Score gives you points every time you configure recommended security settings and features, take important actions, and perform security-related tasks, even when implementing them with third-party software.

How To Improve Your Security Score

Security recommendations to help streamline the process are organized into groups as follows:

  • Identity - Referring to the protection state of your Azure AD accounts and roles.
  • Data - Your O365 docs.
  • Device - Your devices and Microsoft Defender improvement actions.
  • App - Your email and cloud apps.
  • Infrastructure - Your Azure resources.

Your current score and available points will be divided among these groups. On the overview page, you'll also get a historical trend and benchmark comparisons of your security score, helping you to make better decisions down the line.

Whenever you decide to take action on any of these groups, you will be presented with four options:

  • View Settings - This option allows you to go to the configuration screen to make a change. Every action taken will gain you points, which will be updated within about 24 hours.
  • Resolve through Third-Party - This will allow you to mark an action if it has been resolved by a third-party application, awarding you the points accordingly.
  • Ignore - This option implies that you have decided to accept the risk of inaction and the total number of secure points you can achieve will be reduced. This action can be undone at any time.
  • Review - Some improvement actions, such as mailbox forwarding rules, need to be reviewed regularly to gain and retain points. In this example, the reason for the regular review is to ensure that data is not being exfiltrated from your network.

Extra Information About Microsoft Secure Score

It's important to note that some improvement actions will be scored in a binary fashion, meaning that you'll get all of the points once the operation is performed. For other actions, however, you will only get a percentage of the points for the overall configuration. So, if the action of protecting all of your users with multi-factor authentication, for instance, is worth 30 points, but you only protect half of your employees, you will only get 15 points.

You can also view your company's score over time in the history tab, which includes a global and industry average, as well as all the actions taken within any given time frame. Lastly, you should keep in mind that the Microsoft Secure Score is not an absolute measurement of your digital safety since no online service is immune from security breaches. It is more of a summary of your security posture based on the measures you've implemented in your Microsoft environment. This tool will help you have a better chance of not being breached.

Numerous factors go into choosing a cloud platform for an organization. Among these, we can count things such as access, design, functionality, and, of course, security. As the business landscape becomes more digitized with every passing day, the threat of cybercrime is growing ever more real. Choosing a platform that best suits the security needs of your organization will go a long way in safeguarding your data and processes.

Among the most popular and widely used of these cloud platforms for business, we can consider Microsoft Office 365 and Google Docs, officially known as Google G Suite. Of the two, Office 365 is older and more commonly used among businesses, providing the familiarity and ease of use of Windows apps. The G Suite, on the other hand, is newer and on an almost equal footing with Office 365 when it comes to security. Each of them has its abilities and will probably be a better fit, depending on what you look for.

G Suite vs. Office 365 Security Features

Data Monitoring & Protection

Regarding data monitoring and protection, Google controls its entire hardware stack. It means that it can address and block security threats quickly. G Suite also offers full data encryption, while its machine learning capabilities help to detect threats more efficiently. When it comes to user data protection, G Suite focuses on malware threats in terms of infection prevention.

Office 365, on the other hand, offers an email filtering service that targets advanced spam and malware viruses. These include malicious URLs with various phishing traps and other similar infections. This platform is more focused on overall cloud security. Data encryption is also a top priority.

Compliance Management

Concerning compliance management, Google has strong user contracts that ensure their compliance environments are maintained.

That said, the platform is compliant with the following certifications:

  • ISO 27001, 27018
  • SOC 2, SOC 3
  • COPPA
  • HIPAA
  • FERPA
  • EU Data Protection Directive and GDPR

Office 365, on the other hand, has over 900 controls built into its compliance framework. This helps the platform stay on top of every development and of industry compliance standards. Besides, a team of compliance specialists tracks all of these regulations and helps build them into their programs.

Office 365 compliance certifications:

  • ISO 27001, 27018
  • SOC1 Type II & SOC2 Type II
  • SSAE16
  • FISMA
  • HIPAA
  • EU Data Protection Directive and GDPR

User Access

G Suite had faced some challenges in the past since it had a minimal set of security management features. And even if it has made some strides more recently, companies should still review G Suite’s user controls to make sure that it suits their respective industry. Nevertheless, admins can more easily manage user accounts, user permissions, and control access.

With Office 365, user control is built into every section. Admins have full control of security policies surrounding content sharing and external users. It allows them to create customized policy infrastructures with unique security demands based on their organization. If implemented correctly, this dramatically increases cloud security.

Automatic Updates

Regarding software and system updates, both the G Suite and Office 365 offer a seamless experience, automatically weeding out any weak security issues. Office 365 used to have a problem with this, but since it has become fully integrated into the cloud, this is no longer an issue.

Takeaway

When it comes to the bottom line, both the G Suite and Office 365 have well put together security infrastructures. And while both platforms can be useful for companies, there is one final point to consider - namely data privacy.

While Microsoft has made it clear that they will not scan user data and make it available to third parties for advertisement purposes, the same thing cannot be said about Google. And with Microsoft's years of experience in optimizing security strategies and patching up security vulnerabilities, it makes Office 365 a better candidate.

If you are interested in migrating to Office 365, Managed Solution is here to help.

We provide a hands-on discovery of the Microsoft Suite of products through a Customer Immersion Experience. We’d love to host a CIE on-site or at our headquarters for you to learn more.  We supply all the hardware and software for you to demo the tools interactively with a group. Contact us to learn more.

With more and more companies embracing cloud computing, the long-held misconception that it isn't secure is fading away. If you are already using Office 365 or are intending to do so, know that it has numerous security features that can help you out.

And as cybercrime is evolving, Microsoft is continuously bringing in new features to bolster its users' safety. There is no such thing as being too safe when it comes to the digital environment and, for this reason, Microsoft Office 365 is a great choice to protect your organization and its data.

That said, there are several such features.

Advanced Threat Protection

Ransomware is at an all-time high, being spread by malicious links and various other email attachments. To make matters worse, these are becoming increasingly sophisticated and realistic, making it difficult even for the more tech-savvy among us to tell the difference. The Advanced Threat Protection feature will significantly improve security by stopping those links and attachments from making it into the users' inboxes in the first place.

It does this by opening them in a virtual environment, separate from your environment, and checking them for any malicious activity. This is done before they are sent to the inbox, and if there are threats discovered, they will not infect your system.

Outlook Email Encryption

Email interception is a preferred way for many cybercriminals to get their hands on sensitive information. But with Outlook's end-to-end encryption, hackers will have a much harder time intercepting emails.

The process works by requiring all non-Outlook recipients to choose between single-use passcode or re-authentication when opening an email from an Outlook sender. Outlook-to-Outlook email exchange, on the other hand, will not require any further action, regardless of device or operating system.

Azure Active Directory Identity Protection

Detecting a compromised account is nearly impossible until the damage is done. But the Azure Active Directory Identity Protection feature will be able to identify and prevent hackers from getting in, in the first place. The system uses machine learning (ML) to understand the daily processes and activities of your organization, red-flagging any unusual behavior.

It can detect multiple log-ins that happen in quick succession or from various locations. It also learns the usual times of log-ins, highlighting any deviations from that pattern. Once a threat is detected, the person attempting to log in may be asked to perform multi-factor authentication or an ID verification, or may be prevented from signing in altogether.

Mobile Device Management and Microsoft Intune

Mobile device management (MDM) is about controlling access to your company's data. The built-in MDM feature of Office 365 helps companies where employees are only able to access email from company-issued devices.

For a higher degree of control, however, and if your employees will be accessing more than email or using their devices, there is also the Microsoft Intune feature. It will give you a greater deal of control concerning how data is used on mobile devices. For instance, you can restrict the possibility to copy data from a managed to a non-managed app.

Takeaway

All of these features and more will help ensure the safety of your organization against cybersecurity threats when using Office 365. If you want to learn more or know how to utilize them to their fullest effect, our specialized consultants are at your service.

The healthcare industry has been steadily moving towards consumerization. This means that, as the industry moves towards value-based care and patients demand easier access to their data, cyber threats are also increasing. With greater patient access such as telemedicine, mobile, patient portals, and remote platforms, the threat surface has also increased.

To decrease this threat, two-factor or multi-factor authentication (2FA) was introduced. 2FA is a method of confirming a user's identity by using a combination of two different factors. One such example is when a person wants to withdraw money from an ATM by using a combination of their bank card and PIN. The use of a password and a generated code is similar.

Nevertheless, a security researcher has recently released a hacking tool that can automate phishing attacks and break through multi-factor authentication with relative ease.

What Does This Hacking Tool Look Like?

Developed by Piotr Duszynski, Modlishka is a reverse proxy tool designed to handle traffic from both login pages and phishing attacks. The tool is launched between the user and the target website, where the user is connected to the Modlishka server through a phishing domain.

Traditionally, phishing campaigns are disguised to resemble the target website as closely as possible. This can include emails sent from addresses that look nearly identical to the corporate address. But with Modlishka, users are brought through all of the legitimate site's own pages, while the tool records their information.

What this means is that all passwords and credentials entered by the user are automatically recorded in the hacking tool's backend. At the same time, the tool will request users to enter their two-factor authentication. If the hacker monitors and collects this information in real time, they can use it to log into the system and the victim's account. All that hackers need to leverage this tool is a phishing domain to host the server and a valid TLS certificate.

In his blog, Duszynski said that “I hope that this software will reinforce the fact that social engineering is a serious threat, and cannot be treated lightly. So the question arises: is 2FA broken? Not at all, but with a right reverse proxy targeting your domain over an encrypted, browser trusted, communication channel one can really have serious difficulties in noticing that something is seriously wrong.” 

He also went on to say that “Include lack of user awareness, and it literally means giving away your most valuable assets to your adversaries on a silver plate. At the end, even the most sophisticated security defense systems can fail if there is no sufficient user awareness and vice versa for that matter.”

How to Protect Against Modlishka

The best method to protect your organization against this threat is by using hardware two-factor authentication, based on the U2F protocol. The next step of the process should include raising awareness of the danger of reverse proxy phishing attacks among staff members and other users.
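Why a hardware key resists the reverse-proxy attack described above, shown as an added example (not from the original article or from any vendor's code): the server-side binding checks a website performs on a login assertion. It uses WebAuthn field names, the browser API through which U2F keys are used today; the origin, RP ID and sample data are constructed assumptions, and signature verification is assumed to be done separately by a crypto library.

```python
import base64
import hashlib
import hmac
import json

# Assumed relying-party values for this example (not from the article).
EXPECTED_ORIGIN = "https://portal.example.com"
EXPECTED_RP_ID = "portal.example.com"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def check_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Return the reasons to reject a login assertion; an empty list means the
    origin-binding checks pass. Signature verification is out of scope here."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client_data, dict):
        return ["clientDataJSON is not a JSON object"]

    problems = []
    if client_data.get("type") != "webauthn.get":
        problems.append("unexpected type")

    # The challenge must be the one this server issued for this login attempt.
    try:
        received = b64url_decode(client_data.get("challenge", ""))
    except (ValueError, TypeError):
        received = b""
    if not hmac.compare_digest(received, expected_challenge):
        problems.append("challenge mismatch")

    # The browser, not the page, writes the origin the user is really on,
    # so a page served from a look-alike domain cannot claim the real one.
    origin = client_data.get("origin")
    if origin != EXPECTED_ORIGIN:
        problems.append(f"origin mismatch: {origin!r}")

    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4) | ...
    if len(authenticator_data) < 37:
        problems.append("authenticatorData too short")
        return problems
    expected_hash = hashlib.sha256(EXPECTED_RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        problems.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:
        problems.append("user presence flag not set")
    return problems


def build_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and a security key would
    produce for a page loaded from `origin` (sample data, not a capture)."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url_encode(challenge),
        "origin": origin,
    }).encode()
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([0x01])              # flags: user present
                 + (7).to_bytes(4, "big"))    # signature counter
    return client_data, auth_data


if __name__ == "__main__":
    challenge = bytes(range(32))  # constructed; a real server uses random bytes
    genuine = build_sample(EXPECTED_ORIGIN, EXPECTED_RP_ID, challenge)
    # Constructed look-alike domain standing in for the proxy's hostname.
    lookalike = "portal.example.com.login-check.example"
    proxied = build_sample("https://" + lookalike, lookalike, challenge)
    print("genuine:", check_assertion_binding(*genuine, challenge))
    print("proxied:", check_assertion_binding(*proxied, challenge))
```

A one-time code typed into the page carries no such binding, which is why it can be relayed while the key's response cannot.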

A good password management solution may also be required, as these continue to be a strong defense against phishing attacks. Such a solution will not prompt you to enter your password on a domain it doesn't recognize, meaning that you won't end up giving up your credentials unless the URL is safe.

Takeaway

When it comes to the healthcare industry, user authentication is at the highest risk of cybercrime. And with the introduction of this new tool, as well as others that may exist, this risk is further increased.

Health organizations can reduce this risk by leveraging the right types of technologies and by supporting their employees to meet security best practices. If you need any help, Managed Solution is at your service. Our specialists will determine the best solution that will fit your needs.

With the European Union's General Data Protection Regulation (GDPR) implementation on May 25, 2018, a somewhat similar type of regulation will shortly be introduced in the United States, as well. Known as the California Consumer Privacy Act (CCPA), it is expected to come into effect on January 1st, 2020, adding several new regulations regarding consumers' data.

Among these regulations, we can expect things like the rights of consumers to know what data about themselves is being collected, the right to deny the sale of that information, as well as the right to delete that data. They are also entitled to know the commercial purpose of their information, to know which third-parties will have access to it, as well as the private right of action when companies breach that data.

For companies to prepare themselves for the upcoming implementation of the CCPA, they need to be aware of the regulations and assess the business risks that may come attached. Below are several ways for your company to prepare for the California Consumer Privacy Act.

Updating Your Privacy Policy

One of the many new requirements of the CCPA is for every business dealing with California residents to update its privacy policy so that it includes the residents' rights. You will need to have this ready before the act goes into effect on January 1st, 2020.

Leverage the GDPR

With many similarities between the GDPR and CCPA, like subject data rights of access, portability, or erasure, companies can leverage their GDPR program now to better prepare themselves for the upcoming CCPA. To do this, you can use a Compliance Manager to ensure that you are up to code for both the GDPR and CCPA.

Mapping Your Data and Sources

One critical aspect that needs special consideration is your data inventories. You will need to map every piece of personal information about your customers, gathered by either your marketing or sales teams. Once this is complete, you will have to make sure that it's prepared for access, portability, and deletion requests from your clients. You will also need to make sure that your marketing software vendors are also able to fulfill these obligations. If not, it would be wise to switch to more privacy-oriented vendors.

Use Encryption to Protect Sensitive Information

The CCPA will impose penalties for data breaches of consumers' personal information. When it comes to the GDPR and CCPA, encryption is seen as a useful and effective method of protecting such personal information from unauthorized parties in the event of a data breach.

Verify Your Third-Party Data Sources

Companies will also need to reevaluate those from whom they buy customer data. These third parties need to be legitimate; otherwise, you may be subject to hefty fines since this is considered as operating on breached or stolen data.

Takeaway

To comply with the California Consumer Privacy Act, it's best that you find a partner that will help you navigate the path forward. Managed Solution will help ensure that you are in compliance with all the requirements of CCPA. Contact us today!

Over the past several years, cybercrime has hit record highs. And as businesses become ever more technological and interconnected, digital crime is only set to rise. The cybersecurity of every organization relies heavily on its digital infrastructure as well as a good IT team ready and able to support it.

Nevertheless, cybercrime isn't only about complicated pieces of software that hackers use to infiltrate organizations. The bulk of what's considered digital crime doesn't exploit technical vulnerabilities within a system, but rather the end users that utilize these systems daily.

So, when we talk about end-user security training, we are referring to raising awareness among your staff members who can become easy targets for hackers. Anyone who is using the internet daily can inadvertently provide access to your company's sensitive data. They need to receive the proper training to spot and avoid these threats, in the first place.

Phishing Attacks

There are many security threats that end users are exposed to. One of the most common, the most devastating, and ironically enough, one of the easiest to defend against is the phishing attack. Phishing attacks are nothing more than ploys designed to solicit sensitive information from end users (passwords, user names, social security numbers, etc.) by pretending to be an authority figure, colleague, or a familiar person.

Once someone provides their password, for instance, the cybercriminal will have access to that user's information and email list. Accessing a low-level employee's inbox may not seem like such a big deal, but they can use it to phish their way up the corporate ladder and gain access to the entire company's database. Hackers will, for a time, be able to impersonate their victim without anyone knowing it. And the frustrating part about all of this is that, with the proper knowledge, phishing attacks are easy to defend against.

The Importance of End User Security Training

Providing the training and raising awareness among staff members about the types of security threats that target them directly, should be at the top of every security investment. Unfortunately, however, this is rarely the case, with personal training seldom finding its way into the budget.

A company's IT security is more dependent on its end users than most realize. With healthcare, finance, biotech, and other industries becoming more dependent on IT solutions, security training needs to be a priority for both managers and employees alike. Without it, internal threats are only set to increase over time. Many employees use unmonitored systems or have access to systems they do not need.

The reality of the matter is that end-user security training will increase your employees' ability to keep your organization secure, keep up with the changes in system updates, company policies, and new threats. By helping your staff members recognize these dangers and handle various security incidents, many cyber-attacks will be circumvented.

The security and future success of any digital-dependent organization may depend on their employees being able to know what a security threat looks like and report it to the IT team. It can be that simple. And with the right training, this process can be a lot simpler and more cost-effective for your entire workforce.

Together with Managed Solution, you will be able to keep your data and systems secure from any internal or external threats. Contact us today to figure out a personalized solution for your organization.