[vc_row][vc_column][vc_column_text]

Azure Gov enables digital transformation | US Veterans Affairs

By Susie Adams as written on enterprise.microsoft.com

For the U.S. Department of Veterans Affairs, giving veterans access to information that is both clear and easy to understand is crucial, not only to help veterans make informed decisions about their healthcare but also to improve overall patient satisfaction and outcomes. Last month, in support of its initiative to enhance veterans’ access to quality healthcare, the U.S. Department of Veterans Affairs launched Access to Care – an online tool that allows public access and transparency to key data to help veterans, their family members, and caregivers make more informed decisions about healthcare. What you might not have known is that this online tool is powered by Microsoft Azure Government and SQL Server technology.

Built and hosted in multiple Microsoft Azure Government regions, the VA’s Access to Care site features highly-scalable, public-facing websites, giving veterans and their families an online portal that combines and simplifies complex data such as new and established patient wait times, satisfaction scores for access to primary and specialty care, and timeliness of urgent appointments. By using the site, veterans and their families can also quickly compare their VA facility with others and, where possible, provide an easy comparison to private sector facilities.

In addition to running on Azure Government, Access to Care uses Bing Maps to identify and plot the nearest VA facility locations on a map. Users can zoom, pan, and select the pins for each facility for more information. Through this mobile device-enabled interface, the site can answer veterans’ questions, such as:
o How quickly can the VA see me?
o How well does my VA’s care compare to other hospitals?
o How satisfied are veterans with their access to care?
o How is the VA doing with access overall?

According to a VA press release, “This tool is another example of VA leading the way,” said Dr. Poonam Alaigh, Acting Undersecretary for Health. “No one in the private sector publishes data this way. This tool will instill a spirit of competition and encourage our medical facilities to proactively address access and quality issues while empowering Veterans to make choices according to what works best for them and their families.”

Dr. David J. Shulkin, Secretary of Veterans Affairs, reinforced in the press release the importance of this work, saying, “No other health-care system in the country releases this type of information on wait times. This allows Veterans to see how VA is performing.”

“The VA is actively embracing digital government and taking things to a whole new level. Through the power of cloud technology, we are able to take information of great importance to Veterans and our stakeholders, such as the Access to Care website, and make it directly available to our constituents. The Access to Care site is an example of the new types of tools the VA will be pursuing that will foster transparency and empower the Veteran and our constituents to help them understand how the VA as a whole is doing and their local VA as well when it comes to access and quality of care.” – Jack Bates, Director, OI&T Business Intelligence Service Line, Veterans Affairs

A VA blog post also states that the new access and quality web tool is a work in progress and will continue to evolve and improve as stakeholders provide feedback. Leveraging agile development methodology, the VA and Microsoft teams supporting this initiative are planning several development sprints throughout the next few months. Version 2.0 of the site went live on May 1.

Microsoft is proud to be part of the VA’s initiative to enable greater transparency and to enhance the way it supports veterans around the world. This work expands on Microsoft’s commitment to provide the VA with the deepest set of services, capabilities, and compliance standards to help it best achieve its mission. For example, in March, the VA issued a FedRAMP High agency ATO to Microsoft Azure Government—a critical step in the agency’s readiness to use the cloud. By building and hosting Access to Care on Azure Government, the VA is continuing to embrace digital modernization and improve its services for veterans around the world.

To learn more about Access to Care, visit www.accesstocare.va.gov. To see how Access to Care works, please visit a demo in the VA’s blog post.

This work is further proof that worldwide government agencies like the U.S. Department of Veterans Affairs are choosing Microsoft as their partner to deepen their innovation and accelerate their digital transformation journey.

Microsoft offers the most complete, trusted, and secure cloud solution for our nearly 6 million government users across 7,000-plus federal, state and local organizations, empowering them to achieve more through digital transformation.

[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]

Learn more about professional services provided by Managed Solution

Network Assessment & Technology Roadmap

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

To Learn More about Professional Services, contact us at 800-208-3617

[/vc_column_text][/vc_column][/vc_row]

Azure Government – The most secure & compliant cloud for defense with new compliance and service offerings

By Tom Keane as written on azure.microsoft.com

Broad support for regulatory compliance and ongoing innovation are at the core of Microsoft’s commitment to enabling U.S. government missions with a complete, trusted, and secure cloud platform. Today, we are announcing support for Defense Federal Acquisition Regulation Supplement (DFARS) requirements, expanding opportunities for defense contractors to take advantage of cloud computing in meeting the needs of the U.S. Department of Defense (DoD). Adding DFARS compliance extends Azure Government’s lead as the cloud platform with the broadest support for U.S. DoD workloads. In addition to this compliance milestone, we are also announcing enhanced technical capabilities with the expansion of our Cognitive Services preview, addition of Graphics Processing Unit (GPU) clusters, and the addition of new database and storage options in Azure Government. With these expanded compliance and service offerings, government customers will have new opportunities to use cloud computing to help meet their mission goals.

Supporting DFARS requirements

Azure Government’s support for DFARS requirements creates new options for DoD contractors as they partner with the defense department. DoD industry partners can now host Covered Defense Information (CDI) on the Microsoft cloud platform while maintaining compliance with DoD procurement requirements, giving them access to the same set of Azure Government capabilities as the DoD itself.

“As a mission partner of the DoD, the security of covered defense information is of utmost importance. Compliance with DFARS is not only required by regulation, but is also critical to the defense of our nation,” says Michael Hawman, General Atomics CIO, “As more DoD contractors consider the adoption of cloud computing to reduce costs and increase agility and capability, the transparency by which CSPs provide support will be critical to building and maintaining trust with cloud security in the defense contractor community. Commercial cloud service providers must familiarize themselves with, and be capable of accepting flow down DFARS requirements as soon as possible."

Cognitive Services available for all customers

Building on the successful preview of Cognitive Services in March, we are now making Cognitive Services available to all government and defense. Opening the preview up to more customers, U.S. government customers and partners can use Cognitive Services to feed real-time analysis that supports their mission objectives. Leveraging the artificial intelligence from Cognitive Services for things like facial recognition or text translation, customers can more easily build applications to help make informed decisions in critical scenarios such as Public Safety and Justice. Azure Government support for application innovation is part of why agencies are choosing Microsoft as their partner in digital transformation:

“Before beginning the search for specific technologies and digital platforms to meet DC’s digital needs, we identified our own list of standards for government cloud service providers. The first three criteria are compliance, reliability and the technical architecture and environment of the platform,” says Archana Vemulapalli, CTO of Washington D.C., “Microsoft offers a strong government cloud platform and services that help my staff and me perform our jobs effectively and create the city’s digital future.”

Announcing GPU clusters, Azure Cosmos DB and Cool Storage

Azure Government continues to add services at an accelerated pace to meet existing as well as unrealized needs of the U.S. government. By announcing GPU clusters today, Azure Government further enables the use of High Performance Computing (HPC) in the cloud for government. Whether using computational analysis to better research diseases and weather patterns or helping reduce backlogs of questions answered for citizens through predictive analysis, U.S. government customers and partners are sure to benefit.

Additionally, Azure Government now supports Azure Cosmos DB and Cool Blob Storage which enable government customers to deploy global-scale databases and choose from more options to control storage costs. Azure Cosmos DB is the next big leap in the evolution of DocumentDB and, as a part of this Azure Cosmos DB release, DocumentDB customers and their data automatically and seamlessly become Azure Cosmos DB customers. Additionally, we are making Cool Storage available so customers can store less frequently accessed data like backup data, media content, scientific data and active archival data at a reduced cost.

Powering innovation at the Department of Veterans Affairs

Agencies are choosing cloud computing and Azure Government to help speed innovation to those they serve. Last month, the U.S. Department of Veterans Affairs launched its Access to Care site on Azure Government. The site helps veterans and their caregivers decide where to go for healthcare services by providing data on patient satisfaction, appointment wait times, and other quality measures from surrounding clinics and VA facilities. Already, the VA has been able to meet the demand, while enhancing the website and continuously adding new functionality by leveraging the capabilities of Azure Government.

“The VA is focused on driving transparency and empowering the veteran,” said Jack Bates, Director VA OI&T Business Intelligence Service Line, “Working closely with Microsoft to deliver the Patient Wait Times App on Azure Government, we have enabled the Department to be fully transparent about performance, and to improve service to the veteran by providing meaningful data.”

By building and hosting Access to Care on Azure Government, which achieved a FedRAMP High ATO from the VA in March, the VA is continuing to embrace digital transformation and improve its services for veterans around the world.

Cloud computing for U.S. Government

From increased support for compliance requirements to application innovation, Azure Government continues to expand capabilities that make it easier for U.S. government customers and partners to take advantage of the cloud. And with six announced government regions in the U.S., Azure Government enables customers to run mission workloads closer to their users and provides geographic redundancy that is not possible with any other major cloud provider.

Earlier this month, a monkey caused a nationwide power outage in Kenya. Millions of homes and businesses were without electricity. Which just goes to show that “not all disasters come in the form of major storms with names and categories,” says Bob Davis, CMO, Atlantis Computing.

“Electrical fires, broken water pipes, failed air conditioning units [and rogue monkeys] can cause just as much damage,” he says. And while “business executives might think they’re safe based on their geographic location,” it’s important to remember that “day-to-day threats can destroy data [and] ruin a business,” too, he says. That’s why it is critical for all businesses to have a disaster recovery (DR) plan.

However, not all DR plans are created equal. To ensure that your systems, data and personnel are protected and your business can continue to operate in the event of an actual emergency or disaster, use the following guidelines to create a disaster plan that will help you quickly recover.

1. Inventory hardware and software. Your DR plan should include “a complete inventory of [hardware and] applications in priority order,” says Oussama El-Hilali, vice president of Products for Arcserve. “Each application [and piece of hardware] should have the vendor technical support contract information and contact numbers,” so you can get back up and running quickly.

2. Define your tolerance for downtime and data loss. “This is the starting point of your planning,” says Tim Singleton, president, Strive Technology Consulting. “If you are a plumber, you can probably be in business without servers or technology [for] a while. [But] if you are eBay, you can’t be down for more than seconds. Figuring out where you are on this spectrum will determine what type of solution you will need to recover from a disaster.”

“Evaluate what an acceptable recovery point objective (RPO) and recovery time objective (RTO) is for each set of applications,” advises says David Grimes, CTO, NaviSite. “In an ideal situation, every application would have an RPO and RTO of just a few milliseconds, but that’s often neither technically nor financially feasible. By properly identifying these two metrics businesses can prioritize what is needed to successfully survive a disaster, ensure a cost-effective level of disaster recovery and lower the potential risk of miscalculating what they’re able to recover during a disaster.”

“When putting your disaster recovery plan in writing, divide your applications into three tiers,”

says Robert DiLossi, senior director, Testing & Crisis Management, Sungard Availability Services. “Tier 1 should include the applications you need immediately. These are the mission-critical apps you can’t do business without. Tier 2 covers applications you need within eight to 10 hours, even up to 24 hours. They’re essential, but you don’t need them right away. Tier 3 applications can be comfortably recovered within a few days,” he explains.

“Defining which applications are most important will aid the speed and success of the recovery. But most important is testing the plan at least twice per year,” he says. “The tiers might change based on the results, which could reveal unknown gaps to fill before a true disaster.”

3. Lay out who is responsible for what – and identify backup personnel. “All disaster recovery plans should clearly define the key roles, responsibilities and parties involved during a DR event,” says Will Chin, director of cloud services, Computer Design & Integration. “Among these responsibilities must be the decision to declare a disaster. Having clearly identified roles will garner a universal understanding of what tasks need to be completed and who is [responsible for what]. This is especially critical when working with third-party vendors or providers.  All parties involved need to be aware of each other's responsibilities in order to ensure the DR process operates as efficiently as possible.”

“Have plans for your entire staff, from C-level executives all the way down, and make sure they understand the process,” and what’s expected of them, says Neely Loring, president, Matrix, which provides cloud-based solutions, including Disaster-Recover-as-a-Service. “This gets everyone back on their feet quicker.”

“Protocols for a disaster recovery (DR) plan must include who and how to contact the appropriate individuals on the DR team, and in what order, to get systems up and running as soon as possible,” adds Kevin Westenkirchner, vice president, operations, Thru. “It is critical to have a list of the DR personnel with the details of their position, responsibilities [and emergency contact information].”

“One final consideration is to have a succession plan in place with trained back-up employees in case a key staff member is on vacation or in a place where they cannot do their part [or leaves the company],” says Brian Ferguson, product marketing manager, Digium.

4. Create a communication plan. “Perhaps one of the more overlooked components of a disaster recovery plan is having a good communication plan,” says Mike Genardi, solutions architect, Computer Design & Integration. “In the event a disaster strikes, how are you going to communicate with your employees? Do your employees know how to access the systems they need to perform their job duties during a DR event?

“Many times the main communication platforms (phone and email) may be affected and alternative methods of contacting your employees will be needed,” he explains. “A good communication plan will account for initial communications at the onset of a disaster as well as ongoing updates to keep staff informed throughout the event.”

“Communication is critical when responding to and recovering from any emergency, crisis event or disaster,” says Scott D. Smith, chief commercial officer at ModusLink. So having “a clear communications strategy is essential. Effective and reliable methods for communicating with employees, vendors, suppliers and customers in a timely manner are necessary beyond initial notification of an emergency. Having a written process in place to reference ensures efficient action post-disaster and alignment between organizations, employees and partners.”

“A disaster recovery plan should [also] include a statement that can be published on your company’s website and social media platforms in the event of an emergency,” adds Robert Gibbons, CTO, Datto, a data protection platform. And be prepared to “give your customers timely status updates on what they can expect from your business and when. If your customers understand that you are aware of the situation, you are adequately prepared and working to take care of it in a timely manner, they will feel much better.”

5. Let employees know where to go in case of emergency – and have a backup worksite. “Many firms think that the DR plan is just for their technology systems, but they fail to realize that people (i.e., their employees) also need to have a plan in place,” says Ahsun Saleem, president, Simplegrid Technology. “Have an alternate site in mind if your primary office is not available. Ensure that your staff knows where to go, where to sit and how to access the systems from that site. Provide a map to the alternate site and make sure you have seating assignments there.”

“In the event of a disaster, your team will need an operational place to work, with the right equipment, space and communications,” says DiLossi. “That might mean telework and other alternative strategies need to be devised in case a regional disaster causes power outages across large geographies. Be sure to note any compliance requirements and contract dedicated workspace where staff and data can remain private. [And] don’t contract 50 seats if you’ll really need 200 to truly meet your recovery requirements.”

6. Make sure your service-level agreements (SLAs) include disasters/emergencies. “If you have outsourced your technology to an outsourced IT firm, or store your systems in a data center/co-location facility, make sure you have a binding agreement with them that defines their level of service in the event of a disaster,” says Saleem. “This [will help] ensure that they start working on resolving your problem within [a specified time]. Some agreements can even discuss the timeframe in getting systems back up.”

7. Include how to handle sensitive information. “Defining operational and technical procedures to ensure the protection of…sensitive information is a critical component of a DR plan,” says Eric Dieterich, partner, Sunera. “These procedures should address how sensitive information will be maintained [and accessed] when a DR plan has been activated.”

8. Test your plan regularly. “If you’re not testing your DR process, you don’t have one,” says Singleton. “Your backup hardware may have failed, your supply chain may rely on someone incapable of dealing with disaster, your internet connection may be too slow to restore your data in the expected amount of time, the DR key employee may have changed [his] cell phone number. There are a lot of things that may break a perfect plan. The only way to find them is to test it when you can afford to fail.”

“Your plan must include details on how your DR environment will be tested, including the method and frequency of tests,” says Dave LeClair, vice president, product marketing, Unitrends, a cloud-based IT disaster recovery and continuity solution provider. “Our recent continuity survey of 900 IT admins discovered less than 40 percent of companies test their DR more frequently than once per year and 36 percent don’t test at all.

“Infrequent testing will likely result in DR environments that do not perform as required during a disaster,” he explains. “Your plan should define recovery time objective (RTO) and recovery point objective (RPO) goals per workload and validate that they can be met. Fortunately, recovery assurance technology now exists that is able to automate DR testing without disrupting production systems and can certify RTO and RPO targets are being met for 100 percent confidence in disaster recovery even for complex n-tier applications.”

Also keep in mind that “when it comes to disaster recovery, you’re only as good as your last test,” says Loring. “A testing schedule is the single most important part of any DR plan. Compare your defined RTO and RPO metrics against tested results to determine the efficacy of your plan. The more comprehensive the testing, the more successful a company will be in getting back on their feet,” he states. “We test our generators weekly to ensure their function. Always remember that failing a test is not a bad thing. It is better to find these problems early than to find them during a crisis. Decide what needs to be modified and test until you’re successful.”

And don’t forget about testing your employees. “The employees that are involved need to be well versed in the plan and be able to perform every task they are assigned to without issue,” says Ferguson. “Running simulated disasters and drills help ensure that your staff can execute the plan when an actual event occurs.”

[vc_row][vc_column][vc_column_text]

How to identify and avoid email scams

By Jon Watson as written on comparitech.com

People have been lying in order to con each other out of things since we first began to communicate. In days gone by, the con man had one chance to trick their mark and then had to hightail it out of the area to avoid being hunted down by a lynch mob once the nefarious plot was revealed. Con men had to travel far and wide to find new victims and to avoid being captured. These days, it’s much easier for these scammers. Most of the world has internet, and therefore email, which serves to provide a never-ending supply of targets that can be safely plucked from thousands of miles away.

Why are email scams so popular?

Any scam has to be worth it or it’s not worth doing. A scam that is worth trying has to have a few criteria going for it:

1. A reasonable chance of success

2. Some protection against being discovered and captured

3. Practical in terms of cost and time

Email hits all of these in almost all cases.

A reasonable chance of success

The term ‘reasonable’ is a bit of a moving target. If a certain scam has a one percent chance of success, it is not reasonable for the scammer to travel from town to town and spend a few days at each in the hopes of hitting that one-in-100 mark. In those conditions, the scammer would want a much higher chance of success and so would likely discard any scam with such a poor chance of success.

However, when using email, the scammer has the ability to attempt the scam on literally thousands and possibly millions of targets in a short period of time. A one percent success rate in a pool of millions of targets makes almost any scam ‘reasonable’ to pursue.

Some protection against being discovered

Email provides an almost impenetrable veil to hide behind. Email scammers are not using their own email accounts to perpetrate the fraud. They are using disposable or stolen email accounts which cannot easily be traced back to them. In many cases, the scammers are also operating from countries with little or no internet laws or sophistication. Even if it were possible to identify them, the chances of getting local law enforcement to prosecute is slim.

Be practical in terms of cost and time

While the cost of internet use varies widely across the world, it’s not so expensive that it’s impractical to use for these types of scams. In first world countries almost every household has internet service. Even in less developed countries, wifi cafes are available to large chunks of the population. Many of these email cons are perpetrated by people who don’t even have internet in their house. They borrow wifi from other places, or use internet cafes in their towns. This brings overhead cost to a very low level, even free in some cases.

An added advantage is that it takes very little time to send large numbers of emails. If the message is already typed up and ready to go, it’s possible for a scammer to send an email blast off in a few seconds from an internet cafe and then be gone.

Identifying and avoiding the most common email scams

Email scams and phishing are two very similar, but technically different things. The goal of phishing is usually to gain access to information through tricking someone into divulging their credentials to some important site such as their email or a bank. There’s usually a long game at work with phishing because gaining access to someone’s account is usually not the end goal; rather, using that information to perpetrate fraud or blackmail is common. In contrast, email scams are a shorter game. The goal of an email scam is generally limited to trying to trick someone into sending money to the scammer.

Many scams will attempt to direct you to a fraudulent website at some point. Using a browser that supports Google Safe Browsing such as Google Chrome, Apple Safari or Mozilla Firefox can alert you if you are directed to a known scam site. Safe Browsing only deals with your web activity, though. It can’t alert you about the safety of any particular email you’ve received.

With that goal in mind, an email scam can take any possible form that has a chance of succeeding. Anything that fits the criteria I listed previously is likely to be tried by email scammers. However, email scams that have proven to have worked before satisfy the criteria better. Those scams are known to have a reasonable chance of success and the ones we’ve seen repeated over and over fall roughly into the following categories.

Advance fee

The framework of an advance fee scam is this: You are offered something out of the blue (money, a car, a boat, etc.) for some reason (won a lottery, dead relative, stale bank account, etc.). The scammer wants to arrange for this desirable thing to be delivered to you, but in order to do so you will have to pay some fee in advance. Fees are usually explained as things like shipping fees or legal fees. The scammer promises to send you the item as soon as the advanced fee is paid.

The most common scams that fall under advanced fraud are:

• Lottery winnings

  The basic pitch is that a scammer informs you that you’ve won a lottery in some country, possibly your own. The winnings are substantial but can’t be paid to you until some fee is paid. The fee is usually described as a legal fee or money transfer and it must be paid in advance. The math is enticing: pay $5,000 in advance fees to get $1,000,000 in winnings. However, once the advance fee is paid, the winnings will never arrive.

• Nigerian 419 beneficiary

  Email scams originating in Nigeria have reached such epic proportions that the Nigerian Prince has become a punchline of western pop culture. The term 419 refers to the section of the Nigerian penal code which covers fraud. 419 scams are identical in intent to the lottery winning scam in that you must pay some fee in order to release a larger amount of money. The first 419 scams usually involved the story that some rich and unknown relative had died and left money. Over time, however, the 419 scams have really strained the credulity of even the most naive people.

Avoidance

The transaction starts with a request from the scammer for you to send them money. In almost all cases, situations like this will be fraud to some degree. Your best defence is to simply not get involved at all and report the attempt to your law enforcement agency.

If there is some legitimate reason why you need to be involved with this, then do thorough research on the internet about the company and find other people who have dealt with them. Do not use any references supplied by the scammer because they will almost certainly be non-existent, or also be involved in the fraud and will confirm anything you ask in order to get you to send money. Offline references are helpful as well – it’s very easy to produce a website but it’s much harder to plant an entry in a phone book or government licensing listings. Do a thorough check using as many different resources as you can think of before sending any money.

Overpayment

The main difference between the Overpayment scam and the Advanced Fee scam is that that the Overpayment scam doesn’t ask for money in advance. Rather, the scammer will send you money first and then ask you to refund some part of it. In most cases, scammers use classified ads and other sites to identify people who are selling items. The scammer then contacts the seller, makes an offer, and then sends too much money to the seller citing some unusual reason for the overpayment and giving directions on how to handle the surplus. The seller will be instructed to either refund the difference to the buyer, or send it to some third party for shipping. The scam occurs because the money that the scammer sent is not valid, perhaps a fraudulent cheque. The entire scam hinges on the seller dispensing the surplus funds before they discover that the original money sent is fraudulent.

Avoidance

Recall that the main characteristic of this type of fraud is to send you too much money and ask that some portion of it be refunded or sent to some third party for some reason. The scammer may introduce this idea during the initial contact when they indicate they want to purchase whatever you’re selling, or it may not become apparent until the payment arrives. In either case, there should be no legitimate reason for money to be funnelled through you to a third party.

It’s also useful to stop and think for a minute about overpayments. If the situation were reversed, and you were buying something from someone you’d never heard of before and had no reason to trust, does it make sense to send that person money in advance at all? Never mind too much money and then ask them to return or forward a portion of it? The world is not such a trustworthy place that a transaction like that should seem normal.

Disaster relief and pulling at heart strings

This class of scam involves pulling at the heart strings of people to trick them into sending money for some sort of disaster relief fund or to save a group of puppies who are in some mortal danger. The critical part of this scam is to create a sense of incredible urgency. If the mark doesn’t send this money right now, something dire will happen to the suffering people or puppies. The scam counts on the fact that once our emotions are fully engaged, our critical thinking abilities tend to dip and we are more susceptible to falling prey.

In many cases the scammer will craft emails and possibly a website that looks like a legitimate charitable organization. In other cases, the scammer will just make up a convincingly fake charity name.

Avoidance

If you would like to donate money to a relief effort it’s best to donate directly to a reputable organization than responding to an email. Contacting an organization such as the Red Cross or Salvation Army directly will ensure that your funds do not end up in a scammer’s hands. It’s also the only way to ensure that you will get a proper charitable receipt for your donation.

If the organization in the email is not known to you, then follow the golden rule: do extensive background checks. All charitable organizations will need to be registered with their respective government in order to be eligible to issue tax receipts. Check the listings of the applicable government that the charity purports to be from to see if it really exists.

Work from home fraud

Work from home fraud gets its own category because of the complexity of the scheme. Some advance fee fraud uses working from home as its mechanism; requiring potential employees to pay an advanced fee for materials before employment,. But that’s not quite the same thing as work from home fraud.

Some cultures deem working from home to be the ultimate goal. Being able to make a living from your own home without having to deal with the commute or unpleasant coworkers is a very popular idea. Therefore, many people are very susceptible to work from home claims that normally would not stand up to much scrutiny. However, there are some tell-tale signs that the work is probably non-existent, which I will cover in the next section.

Avoidance

There are a lot of tell-tale signs to work from home fraud:

• Money is required up front to get to work. While it’s not uncommon to have to provide some pre-employment things such as a criminal record check which you may have to pay for, paying for anything directly related to doing the job itself is a warning sign.

• The work pays much more than it appears to be worth. Adverts claiming you can make $2,000 per week stuffing envelopes are hard to believe. We live in the age of assembly lines and robots. If the job involves doing repetitive manual labour of some kind, a robot could do that much better than a human so it makes no sense to pay humans to do it.

• The work indicates that you’ll be doing work that would normally require higher education in an office setting. Jobs regarding the transcription of medical records abound, but most medical offices use well-known services to do this type of work because there can be some very high stakes if something is transcribed incorrectly. While some medical transcript companies may use home workers, they will usually have to have undergone some language and competency assessment rather than just replying to an email.

• The work requires you to purchase kits of some sort that you can re-sell, or use to construct items for re-sale. If the job involves straight re-selling, such as selling cosmetics to friends, it makes more sense for your friends to just take the same job and get the wholesale rate rather than buy from you at retail. If the job involves constructing items for sale, I remind you that things are made by robots and assembly lines these days much more efficiently than humans can.

To prevent becoming a victim of work from home fraud, look for those telltale signs. You should also do research about the company in question. If they have a history of scamming people it’s likely that there will complaints about that company on the internet. Conversely, if there is no trace of the company at all, that is also a warning sign. Virtually every business has some kind of web site or email address so a company with no visible presence on the internet is unusual. Especially if you consider that this company is using email to contact you.

CEO fraud

CEO fraud involves identifying the person or people within a company who are in charge of the money, and then attempting to get them to transfer money out by impersonating someone with authority to do so, ie – the CEO.

It is very easy for scammers to use services like LinkedIn to search for all the employees of a given company, and then look at job titles to determine who has control over the money and who has the authority to direct fund transfers. From there, the attempted fraud can range from very complex and hard to catch, to very basic. The basic scam is to send a request to the money person instructing them to transfer some money to some bank account. While this may seem very basic, many companies wire money as a matter of routine so a request like this would not seem out of place. The instructions usually state that the money is for an important deal closing very shortly. There’s always some urgency for the funds to be transferred immediately in order to prevent some bigger loss to the company. The scammers hope that the money person does not have the type of relationship with the requester to see that the request is unusual and will fulfill the request right away.

Avoidance

I recently saw an unsuccessful attempt at CEO fraud. It didn’t work because the money person in this company had a good enough relationship with the CEO to note that the CEO did not normally sign their emails in that way, among other small details. The money person simply picked up the phone and confirmed with the CEO that it was not a valid request and saved the company a large chunk of money.

The best defence against CEO fraud is to ensure that your company has a set procedure for funds transfers which includes double-checks to make sure the request is valid. Another factor that helps defeat this type of fraud is to foster good working relationships at all levels. If a workplace is supportive of questions then the money person is more likely to lean across their desk to their coworker and say does this look right to you? or pick up the phone and call the alleged requester directly.

How to respond to and report email scams

The first rule is to not respond to something that you think is fraudulent. If it happens at work, report it to your security team and your supervisor and let the company figure out the best course of action.

If scam email comes in your personal email, the best course of action is to just delete it or mark it as spam if your email provider has that option. You can also report it to your law enforcement agencies as well. That can be a useful step because these agencies usually operate alert systems whereby they can reach a larger number of people to let them know this scam is happening now. It also helps these agencies gain an understanding of how deep and wide a scam is which can help track the people behind it.

Reporting in Canada

The Royal Canadian Mounted Police (RCMP) is Canada’s Federal police force. It outlines the police agencies to contact depending on the type of fraud. It also indicates that all types of fraud should be reported to the Canadian Anti-Fraud Centre which collects intelligence on mass fraud and identification theft in Canada.

Reporting in the United States

The Federal Bureau of Investigation (FBI) operates the Internet Crime Complaint Center (IC3) which is a central place for lodging complaints about internet fraud. The IC3 may share your complaint with the law enforcement agencies that have jurisdiction for a complaint.

Reporting in the United Kingdom

ActionFraud is the national reporting centre for fraud and email scams in the United Kingdom and works with the National Fraud Intelligence Bureau.

What are Internet Service Providers doing to help?

Internet Service Providers (ISP) and Email Service Provider (ESP) typically run extensive anti-spam software. This software analyzes incoming email messages and determines the likelihood of them being spam. Emails that are determined to be spam are usually placed in your Spam or Junk folder, while safe emails are put into your inbox.

Many of the factors used to analyze an email are done behind the scenes and we don’t even see them in action. Spam filters look for things like:

• Did the email originate from an authorized mail server? Domain owners have the ability to designate which servers are allowed to send email on behalf of their domain by the use of Sender Protection Framework (SPF) DNS records.

• Does the sending mail server have a reputation for sending email spam?

• Is the content of the email likely to be spam?

Some of these checks require collaboration to perform. For example, your single email provider may not have enough information to know if the mail server that sent the email has a reputation for sending spam. Likewise, judging the content of an email to be spam can be tricky because some people really are looking for low-rate mortgages and prescription drugs. Those types of checks are done using shared lists such as Spamhaus blacklists. Spamhaus has a large database of characteristics associated with email spam, so if an email shares some of those characteristics, there is a fairly decent chance it actually is spam of some sort.

Having said that, spammers are creative and they are very motivated to get their email scam into your inbox by avoiding these spam filters. There’s no surefire way to be confident that every email in your inbox is safe. Your common sense and paranoia is the last line of defence.

Where to stay on top of new email scams

Email scams are very fluid and change rapidly. Some become widespread and hit mainstream media news shows and newspapers, and some are smaller and come and go without much fanfare. Due to this it’s very difficult for any organization to keep up with a list of current scams in action. It’s therefore important to recognize the hallmarks of a scam, instead of attempting to identify specific characteristics of any one scam.

The governments of many countries maintain some sort of fraud bureau and may publish known scams as alerts which you can monitor.

The Canadian Competition Bureau publishes The Little Black Book of Scams periodically. It’s not clear how often it is updated, so it may not be as good as a current alert list. However, it seems to be the only scam alert type of information that the Canadian government produces.

The United States Federal Trade Commission operates a Scam Alert page and the IC3 has an RSS feed of alerts here.

[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]

Learn more about professional services provided by Managed Solution

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

To Learn More about Professional Services, contact us at 800-208-3617

[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]

New Signature helps businesses navigate opportunities to improve security and support today’s mobile workforce

“Our customers don’t want to be sold to,” says Reed M. Wiedower, Chief Technology Officer of New Signature, a 2015 Microsoft United States Partner of the Year. “They just want their specific questions answered.” New Signature’s approach is to start by walking a customer through a consultative process to learn what their business challenges are. “They tell us about a problem and we say, ‘That sounds frustrating. Let’s get to the heart of it.’” Only after New Signature understands the larger business challenges behind the specific problems a customer describes do they talk about solutions.

Understanding customer challenges

For example, a customer may say their people face challenges working where they want to—remotely, in the office, or on the road. “This can easily end up in a very fruitful conversation,” Wiedower says, “about how their best workers really want to be able to work on pretty much any type of device and don’t want to be limited to a very specific set of hardware and software.” Businesses come to New Signature understanding that times have changed. They see their competitors carrying tablets and other devices, sending and receiving documents and collaborating on them in real time. “They know they can do these things,” Wiedower explains, “and they come to us wanting to know how.” New Signature prides itself on going above and beyond offering IT solutions to challenges like these. “We’re obsessed with helping drive a positive experience for our customer’s staff,” Wiedower emphasizes. “Historically, that’s been the bugaboo of all types of device management systems and solutions—people hate them. They don’t like having a containerized, weird looking contacts app, or the inability to share a file with someone easily. We provide a really compelling experience that makes the customer’s employees want to adopt the technologies we recommend, rather than forcing something on them in the name of security.”

Painting the “cloud first”picture

When clients tell New Signature that they want to access and update data,wherever they want, from any device and still stay secure, New Signature uses the opportunity to paint a “cloud first” picture for them. “There’s a lot of sticky points when employees go out to a retailer and bring back a shiny piece of hardware only to be told they can’t use it because the in-house system won’t support it, or that it requires some amount of
configuration.” Microsoft competitors do not have a comprehensive answer for securing data and “Bring Your Own Device” hardware, Wiedower explains. “We tell clients that if they use EMS, their devices can be managed and maintained completely in the cloud. Employees can log in with their email address, even using a device they just purchased from a retailer, and immediately get access to their documents and data in a secure fashion.”

When IT people in small businesses feel they still need a domain controller, a file server and a print server, New Signature tells them they can choose that route if they want. But they also explain that if the customer moves to the cloud, they will be more effective and efficient while giving less thought to back-end components than they do today. “This doesn’t mean a customer’s IT person goes away,” Wiedower points out. “It just means they’re not managing a piece of junk sitting in their kitchen pantry. Instead, they’re managing a cloud service. It’s better for them because they won’t have to come in over the weekend if something goes down because the air conditioning unit shut down.”

An easy transition to the cloud

While traditional IT Pros may be hesitant to move to the cloud, Wiedower says that Microsoft makes the transition easy. “If customers are used to Outlook, switching to Office 365 isn’t a big deal,” he says. Customers pretty much know they want Office, he continues. “When they talk to friends in other organizations and learn that five out of eight of them want Office, he continues. “When they talk to friends in other organizations and learn that five out of eight of them are planning to move to Office 365 or have moved, it’s a no-brainer. In the last two years we’ve heard organizations say they tried cheaper solutions because IT forced it down their throats or likes new shiny stuff, but people want to use Word, Excel, PowerPoint and Outlook, so it’s been a pretty consistent path to a Microsoft solution.” Office 365 opens the door for New Signature, but it’s just the initial conversation. “We go on to explain the entire universe of things they can do to be more effective,” says Wiedower. The topic of speed and agility actually opens most doors, but as long as New Signature is adding business value, Wiedower explains, they can establish themselves as a trusted advisor to a client from any entry point. “We’re not here to patch their legacy IT system with technology they read about and found interesting,” Wiedower says. “We want to help them look at the bigger picture. Our goal is to help clients think like a business.”

[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]

Learn more about professional services provided by Managed Solution

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

To Learn More about Professional Services, contact us at 800-208-3617

[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]

What to Love About Windows 10

 With new features, increased security, simplified IT controls, and more, it's no wonder Windows 10 is deployed on over 400 million devices worldwide. There's a lot of reasons to love Windows 10, so this infographic outlines what you need to know about the best of the best.

Fill out the form below to download the infographic!

For more information on using Windows 10 and other Professional Services, contact us at 800-208-3617

[/vc_column_text][/vc_column][/vc_row]

 

Order in the court: digital justice

By Kirk Arthur as written on enterprise.microsoft.com

From my previous 19 years in law enforcement, I’ve spent a lot of time in courtrooms. When I think about all the courtrooms I’ve seen, they’re more or less the same as they were 200 years ago, except for adding computers and monitors.

Court systems around the world traditionally have run on paper-based processes—and the vast majority still do—yet that’s beginning to change. Judicial systems in the United Kingdom generated a million pages of documents a day before moving to a Microsoft cloud-based digital justice platform. In addition to saving significant costs of producing, transporting and storing large quantities of paper, the best outcome of going digital is the data becomes easily accessible, free from paper silos, and available for analysis and interrogation to find relevant judicial hearings and decisions, case law, legal trends and more. (See more details in my blog on e-justice.)

Digital justice—a trend around the globe

I’m pleased to see digital transformation is a growing trend in courts around the globe—and producing results. After just 12 months, the U.K.’s digital justice platform has reduced more than 18 million paper documents related to 100,000-plus cases involving 18,500 registered users. In addition to moving from paper to a digital environment, courts also are innovating with other modern technologies:

• Courthouses in Portugal have check-in kiosks enabling all parties associated with a case to use their IDs to alert court administrators of their arrival.

• Technology also is improving the transparency and efficiency of scheduling courtrooms so that witnesses, victims, suspects, attorneys and judges can see when and where they’re needed instead of having to wait for a courtroom to become available.

• Remote hearings, trials and testimony, made possible by our secure Skype for Business, are making the physical location of courthouses less important. They are especially useful to:

  • Enable a panel of judges to hear cases virtually

  • Avoid the expense and danger of transporting violent defendants from jail

  • Record a victim’s statement once and then reuse that video for any following hearings so the victim doesn’t have to keep reliving the event.

• The Supreme Court of Buenos Aires upgraded to the Windows 10 operating system for better security, manageability, performance and cost avoidance. The court also is processing cases more quickly through a customized media portal built on Microsoft Azure, enabling citizens to access cases that have been registered electronically and view video recordings through an integration with Azure Media Services.

• The State Court of Justice of Sao Paulo has undertaken a digital transformation that serves citizens up to 70 percent faster—with the initial 2.5 million digitized processes saving 850,000 working hours or nearly 100 years.

Cybersecurity: the foundation of Microsoft court solutions

Court IT systems and legal records need to be protected from cyber-attacks just the same as court buildings, staff, attorneys, case participants and visitors need physical protection. Microsoft takes cybersecurity very seriously, investing a billion dollars each year to make sure our cloud ecosystem is secure. Our cybersecurity experts in the Digital Crimes Unit and the Cyber Defense Operations Center monitor information to identify real threats, and they also develop tools and techniques to track and catch cybercriminals, and share with law enforcement from around the world.

Microsoft is enabling digital transformation across government priorities while helping to ensure that organizations, such as the courts, have the trust, security and compliance they need for sensitive data. We build security into Microsoft products and services from the start. Here are a few examples:

• Microsoft Azure is the global, trusted, hyper-scale cloud, providing the most comprehensive compliance coverage of any cloud provider.

• Office 365, which is widely used by courts for scheduling and communications, provides control over data security and compliance with privacy, transparency and refined user controls built right in. Advanced Security Management also offers enhanced visibility and control.

• Microsoft Dynamics CRM helps manage and visualize the judicial process work flow—one of the biggest workloads for courts.

• Azure Media Services, which is part of the Buenos Aires solution, delivers content more securely.

It’s exciting to see courts around the world embracing digital transformation to become more efficient, productive and cost-effective while delivering a better experience to citizens.

[vc_row][vc_column][vc_column_text]

New technologies and services enhance Microsoft’s unique approach to cybersecurity

By Bret Arsenault as written on blogs.microsoft.com

Just over a year ago, Microsoft CEO Satya Nadella spelled out Microsoft’s unique approach to cybersecurity aimed at reducing an estimated $3 trillion dollars’ worth of potentially lost productivity and growth. The approach is based on a vision of individuals, companies, organizations and governments working together to address cybersecurity. It includes Microsoft’s commitment to provide a comprehensive security platform, build out an Intelligent Security Graph and partner broadly with the industry as part of a $1 billion annual investment in security. Today I’d like to share the progress we’ve made in our cybersecurity journey and highlight several new products and collaborations that further strengthen the security portfolio we offer our customers and bet our own business on every day.

Over the past year we’ve bolstered our security platform with new services like Microsoft Cloud App Security, Microsoft Defender and Office 365 Advanced Security Management. We’ve infused intelligence into security services, including Azure Security Center, Microsoft Advanced Threat Analytics and Microsoft Defender. We’ve also forged tighter connections with the industry by adding FireEye Insight Threat Intelligence to Microsoft Defender and announcing collaborations across Enterprise Mobility + Security with both Lookout and Ping Identity.

As a result of this work, there is a growing list of customers who are able to invest more time in transforming their businesses. Whole Foods Market rolled out Azure Active Directory Premium to all 91,000 employees, enabling single sign-on for the company’s 30 SaaS applications and eliminating the need for multiple passwords and different accounts – all while achieving 32 percent savings on its support contract. Merck was able to improve collaboration among its 50,000 employees while protecting its wealth of sensitive information using a combination of Azure Active Directory Premium and Office deploying Windows 10 to its more than 80,000 associates who work across 400 locations in 78 countries365. MARS is enabling a strong layer of security and authentication for its associates while on their smartphones, tablets or PCs from the office, at home or on the road.

Today we are sharing several more security technologies and services developed as part of the unique approach to cybersecurity that Satya outlined a year ago.

Comprehensive security platform

Microsoft is building a security platform that looks holistically across all of the critical endpoints of today’s cloud-first, mobile-first world. Few security tools have the ability to work across platforms and complex environments from on-premises to cloud or mobile. Our platform integrates security products and features across Azure, Windows, Office 365, SQL Server and more to better protect identities, apps, data, devices and infrastructure. Today that platform is getting even better.

• More commercial-grade security in Windows 10 and Surface: Windows 10, Surface Pro 3, Surface Pro 4 and Surface Book have been added to the NSA’s Commercial Solutions for Classified Programs (CSfC) list. Surface is also enabling enterprises to take ownership, modify, lock out and otherwise control hardware configuration, security and OS behaviors via Surface Enterprise Management Mode (SEMM). Windows is adding Windows Hello support for on-premises Active Directory only environments and introducing Dynamic Lock in the Windows 10 Creators Update to automatically lock a device when the customer is no longer within proximity. Read more from Rob Lefferts and the Windows & Devices Group here.

• Microsoft’s SQL platform continues to lead the market with advanced data security features. Today the team is announcing that Azure SQL Database Threat Detection will be generally available in April, providing a new layer of database security that uses machine learning to continuously monitor, profile and detect suspicious database activity to help customers detect and respond to potential threats. Read more here.

• Microsoft also announced the general availability of Enterprise Threat Detection, a managed security service that provides enterprises with state-of-the-art cyberattack detection and consulting capabilities. Using a combination of machine analytics, proprietary telemetry sources and dedicated human analysis, the service is uniquely positioned to continually monitor for advanced attacks in the rapidly evolving modern cyberthreat landscape. Learn more here.

• Azure Security Center and Operations Management Suite help organizations protect, detect and respond to sophisticated threats across cloud and datacenter resources. New capabilities in Azure Security Center available for preview include Just In Time network access to VMs, predictive application whitelisting and expanded Security Baselines with more than 100 recommended configurations defined by Microsoft and industry partners. Our research team continues to monitor the threat landscape and innovate on detection algorithms. Some new threat detections available to customers include Brute Force detections, outbound DDoS and Botnet detections, as well as new behavioral analytics for Windows and Linux VMs. Learn more about Azure Security Center and OMS enhancements here.

Actionable intelligence

Microsoft’s platform acts on the real-time intelligence from our network of global threat monitoring and insights. Every second Microsoft adds hundreds of GBs worth of telemetry to our Intelligent Security Graph. Customers authenticate with our services over 450 billion times every month, and we scan 200 billion emails for malware and phishing each month. Intelligence data enabled Microsoft to block an average of 200,000 exploit kit attempts per day over the last six months.

We are making a number of announcements today that give customers greater visibility into their own security configuration and threats as well as insights into potentially redundant and unnecessary data.

• Today we are introducing Office 365 Secure Score, a new security analytics tool that helps IT pros assess the strength of their current Office 365 security configuration, and gives them the ability to model how incremental changes can enhance their security and reduce risk. Insurance leader The Hartford plans to consider our mutual customers’ Secure Score as a part of the cyber insurance underwriting process.

• We’re making Office 365 Threat Intelligence available in private preview. With general availability planned for later this quarter, Threat Intelligence provides near real-time insight into the global threat landscape to help customers stay ahead of cyberthreats.

• We’re now offering a public preview of Office 365 Advanced Data Governance, which applies machine learning to help customers find and eliminate unnecessary data that may be causing them needless risk.

Read more about today’s Office news here.

Partnerships

Microsoft is fostering a vibrant ecosystem of partners across the industry who are committed to working together to combat security threats on behalf of customers worldwide. We are active within the security research community and collaborate with other security vendors to ensure that customers have the best solutions available. I’m happy to share a few more additions to the ecosystem today.

• SailPoint, a respected leader in identity governance, today announced a collaboration with Microsoft to extend the value of Microsoft Azure Active Directory. SailPoint will add its identity governance capabilities to Azure Active Directory’s unique access management and identity protection services. The combination of services will cover the compliance, enhanced security and identity management needs of modern organizations in demanding industries such as health care and financial services.

• We are announcing a new learning path, Cybersecurity Administration, for our cornerstone program Microsoft Software & Systems Academy (MSSA), which is part of the company’s commitment to help service members gain the critical technology skills required for today’s high-paying IT STEM careers prior to transitioning to civilian life. The new learning path is in coordination with curriculum from (ISC)² and Embry-Riddle Aeronautical University (ERAU), both leaders in cybersecurity.

• Microsoft today published a new Enterprise Mobility + Security Playbook, which helps partners to keep customers secure on their favorite apps and devices – and to keep their company data protected.

Microsoft and the industry are working hard to give people the trust and peace of mind they need to move their businesses forward in today’s cloud-based economy — helping customers navigate a rapidly evolving cyberthreat landscape. More than 3 billion customer data records were breached in high-profile attacks last year. DDoS attacks of 100 gigabits per second were rare just a few months ago. Today we’re seeing attacks of more than 600 gigabits per second.

Customers are looking for affordable solutions that increase the efficiency and effectiveness of their security programs. The good news is that there have never been more or better security solutions to choose from. Whether you choose to work with Microsoft and our partners or not, I encourage everyone to revisit your security posture – both at home and at work – to make sure you’re taking full advantage of the security resources available to you.

You can hear more from Microsoft during the RSA Conference 2017 next week, when we’ll share additional details about our approach and our commitment to provide the platform, intelligence and partners that will help protect our customers now and into the future.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Network Assessment & Technology Roadmap

To Learn More about Professional Services, contact us at 800-208-3617

[/vc_column_text][/vc_column][/vc_row]