Blog

June 23rd, 2017

It’s rare that business owners have a chance to get move value out of their existing IT solutions without investing more resources in them. But with Microsoft’s latest data analytics platform, business owners can make sure they’re squeezing every last drop of productivity from Office 365, for free.

What is Power BI?

Released in the spring of 2016, Power BI is Microsoft’s business analytics platform. Regardless of whether or not data is stored within a Microsoft platform, connecting Power BI to a database allows you to create detailed graphs, charts, maps, and more. For example, if you upload sales records, dragging and dropping two columns is all it takes to map out where your product sees the most demand.

Recently, Microsoft announced a brand new feature for business owners who want to get more value out of their software subscriptions. The Office 365 adoption content pack collects information about how your employees use Microsoft productivity software, and feeds it directly into Power BI’s analytics. There are four types of insights you can work with:

Adoption

These metrics give you visibility into how much each O365 platform is being used. You may be paying for OneDrive accounts for the entire organization, only for Power BI to reveal that less than a quarter of your team is using it. Compare enabled users and active users to get a clearer picture of your investments.

Communication

You can also see exactly how employees are using communication solutions. If nearly everyone on the team is accessing Skype for Business from a mobile data connection, it might be time to reduce your investments in cellular-based minutes.

Collaboration

Microsoft has several collaboration platforms, and without proper guidance, employees are likely to use the easiest one rather than the best one. Power BI shows you how much time users spend time in their own Word, PowerPoint, and SharePoint documents compared to the time they spend in documents from colleagues. This shows you which platforms encourage the most collaboration and which ones are struggling.

Activation

- The activation insights give you under-the-hood visibility into which versions of O365 users are running, and what devices they use to access them. That may seem like trivial information, but it can have huge impacts on cyber security.

Power BI comes in three different plans: Desktop, Pro, and Premium. Best of all, both the Desktop plan and the Office 365 adoption content pack are totally free. If you like what you see, consider enlisting us to set up and optimize either a Pro or Premium Power BI deployment -- we’re only a phone call away!

Published with permission from TechAdvisory.org. Source.

Topic business
June 19th, 2017

Over the years phishing -- a social engineering attack that uses seemingly innocuous emails to trick victims into giving away personal information or clicking a malicious link -- has grown in sophistication and scale. In order to put a stop to these scams, Google has made some security enhancements for Gmail. Here how the new anti-phishing features work.

Machine learning Google is approaching email security the same way they’ve been developing their products, with machine learning technology. Phishing scams usually follow a predictable pattern when you analyze them. Knowing this, Gmail experts developed an algorithm that analyzes phishing and spam patterns and updates Google’s security database in real time.

When the same phishing attempt is made, Gmail flags potentially dangerous messages and sends them through Google’s Safe Browsing feature, where message links and file attachments are tested for malicious activity. According to Google, around 50 to 70 percent of emails that get sent to Gmail accounts are spam and phishing emails, but with the new detection algorithm, Gmail can block 99.9% of them.

Click-time warnings Google has also added precautions for suspicious links. When you accidentally click on an unsolicited link in a message, Gmail will redirect you to a security page titled: “Warning -- phishing (web forgery) suspected.”

Although Google does not completely block access to the link (in case of false positives), it advises you to be extremely careful if you do decide to proceed.

External reply warnings Another enhancement focuses on securing reply messages. The Gmail feature warns users when they are about to send a reply to an address that is not in their contact list or company domain. This small improvement is designed to prevent users from giving away sensitive information to third-parties.

Every Gmail user can take advantage of these new security controls today, but it’s important to keep in mind that these can’t replace security awareness. Even Google has mentioned that these features are complements to existing security systems and best practices. Being able to identify what is or isn’t a scam can go a long way in protecting your business.

Google is adding machine learning technology in almost all of their products. To find out where they’ll apply it to next, get in touch with our experts and stay tuned for more Google-related posts.

Published with permission from TechAdvisory.org. Source.

Topic google
June 16th, 2017

Business owners stand to gain a lot by taking the time to understand emerging IT trends. In the case of containers, it’s an opportunity to reduce costs, increase hardware efficiency, and improve data security. One of the best ways to learn about containers is to address the misconceptions about them.

Containers are made up of the bare minimum hardware and software requirements to allow a specific program to run. For example, if you want to give employees access to a single Mac-based server application, but everything else you run is in Windows, it would be a waste to build a new machine for just that program. Containers allow you to partition just the right amount of hardware power and software overhead to run that Mac program on your Windows server.

Misconception #1: There is only one container vendor

Traditional virtualization technology -- which creates entire virtual computers rather than single-application containers -- has had two decades for vendors to enter the market and improve their offerings. Containers, however, didn’t break into the mainstream until a few years ago.

Fortunately, there are still more than enough container vendors. Docker dominates the industry and headlines, but there are at least a dozen other programs to choose from.

Misconception #2: Containers require virtualization

In the early days, containers could only be created and managed in the Linux operating system. This meant complicated and sometimes unreliable improvisation was required to benefit from container technology on Windows and Mac servers.

First, you would need to virtualize a full-fledged Linux install on your Windows or Mac server, and then install container management inside of Linux. Nowadays, container management software can run on Windows and MacOS without the confusing multi-layer systems.

Misconception #3: You can’t create and manage containers in bulk

Separate programs, known as Orchestrators, allow you to scale up your use of containers. If you need to partition more hardware power so that more users can use a container, or if you need to create several identical containers, orchestrators make that possible.

Misconception #4: Containers are faster than virtual machines

Obviously, virtualizing an entire operating system and the hardware necessary to run it requires more management and processing requirements. A lot of people tend to think this means containers are faster than virtualized machines. In reality, containers are just more efficient.

Accessing a container is as simple as opening it and using the application. A virtualized machine, however, needs to be booted up, a user needs to log in to the operating system, and then you can rummage through folders to open an application. Most of the time containers are faster, but there are instances when that's not true.

Virtualization and containers are complicated technologies. For now, just remember that 1) Virtualization and containers are separate technologies, each with pros and cons; and 2) you have plenty of software options to manage containers (sometimes in bulk). For anything more specific than that, give us a call!

Published with permission from TechAdvisory.org. Source.

June 14th, 2017

Microsoft’s Office 365 comes with a broad range of tools that will make you and your colleagues more productive. It has simultaneous co-authoring features, SharePoint, OneDrive, and Groups, just to name a few. However, there may be some features you might not be using. To get the most out of your Office 365 service, consider these tips.

Declutter your inbox If you’re having trouble managing the overwhelming amount of emails in your inbox, then using Office 365’s “Clutter” feature can clear up some space. To enable this feature go to Settings > Options > Mail > Automatic processing > Clutter then select Separate items identified as Clutter. Once activated, you need to mark any unwanted messages as “clutter” to teach Office 365. After learning your email preferences, Office 365 will automatically move low-priority messages into your “Clutter” folder, helping you focus on more important emails.

Ignore group emails Are you copied on a long email thread you don’t want to be part of? If so, simply go to the message and find the Ignore setting. Doing this will automatically move future reply-alls to the trash so they never bother you again. Of course, if you ever changed your mind, you could un-ignore the message: Just find the email in your trash folder and click Stop ignoring.

Unsend emails In case you sent a message to the wrong recipient or attached the wrong file, Office 365 has a message recall function. To use this, open your sent message, click Actions, and select Recall this message. From here, you can either “Delete unread copies of this message” or “Delete unread copies and replace with a new message.” Bear in mind that this applies only to unread messages and for Outlook users within the same company domain.

Work offline Whenever you’re working outside the office or in an area with unstable internet, it’s a good idea to enable Offline Access. Found under the Settings menu, this feature allows you to continue working on documents offline and syncs any changes made when you have an internet connection. Offline access is also available in your SharePoint Online document libraries.

Use Outlook plugins Aside from sending and receiving emails, Outlook also has some awesome third-party plugins. Some of our favorite integrations include PayPal, which allows you to send money securely via email; and Uber, which lets you set up an Uber ride reminder for any calendar event. Find more of productivity-boosting plugins in the Office Store.

Tell Office applications what to do If you’re not a fan of sifting through menus and options, you can always take advantage of the Tell Me function in your Office 2016 apps. When you press Alt + Q, you bring up a search bar that allows you to look for the functions you need. Suppose you need to put a wall of text into columns on Word but can’t find where it is specifically. Just type ‘column’ and Microsoft will help you with the rest.

These tricks and features themselves will definitely increase productivity. And fortunately, there’s, there’s more coming. Microsoft continues to expand Office 365’s capabilities, and if you truly want to make the most out of the software, don’t be afraid to explore its newly released features.

For more Office 365 tips and updates, get in touch with us today.

Published with permission from TechAdvisory.org. Source.

Topic Office
June 12th, 2017

The waitlist for Pinterest’s latest “DIY Promoted Pins” tool is proof of how eager small- and medium-sized businesses are when it comes to social media marketing. Establishing a solid online presence, promoting corporate content, and driving website traffic at the same time is every business owner’s dream come true. Here are some pointers to keep in mind.

Know your audience According to a study conducted by Ahalogy and AcuPOLL Precision Research, Inc., Pinterest is largely used by women, mostly “Millennial Moms.” If your typical customer demographic is predominantly male, your marketing efforts would probably be better spent elsewhere. But if your business caters to women between the ages 15-29, you should consider creating an online presence on Pinterest.

Think like a content marketer Users are looking for engaging content, which is why 59% of active Pinterest users go for Pins that lead to blog posts, articles, and even photos. The most popular topics on the platform are more visual (e.g., food, fashion, decor, etc.), so if you don't have highly visual content, then infographics, images from blog entries, and even photos of staff members also do the trick.

Look for inspiration Getting stuck in a creative rut happens to the best of us, so check out the boards that are saving your Pins to get some fresh insight. There's a good chance that people saving your Pins have related content that can help you gain insight into what your typical customer is interested in. Not only that, it also helps you identify trends and come up with new ideas for a marketing campaign.

Categorize your boards By creating and properly labeling multiple boards -- one for each of your products or services -- your users are able to engage not only with your general content but also with content they’re more interested in.

Determine posting frequency Excessive pinning might overwhelm or simply annoy your audience, but not pinning enough might cause followers to lose interest. Create a posting schedule and gauge audience reaction before making any changes to the frequency of Pins.

In order to surpass the stiff competition, you’ll need all the help you can get, and that includes social media marketing. If you have any questions about Pinterest and how it can help your business grow, don’t hesitate to give us a call.

Published with permission from TechAdvisory.org. Source.

Topic social media
June 9th, 2017

Security professionals should be beefing up your network security, implementing advanced firewall software, and identifying risks for possible breaches. In reality, they spend a huge chunk of their time troubleshooting issues on individual personal computers (PCs). That workflow is not ideal, but that’s what normally happens in many organizations. At what cost? Read on to find out.

Cost of fixes

According to a survey of technology professionals, companies waste as much as $88,660 of their yearly IT budget as a result of having security staff spend an hour or more per work week fixing colleagues’ personal computers. The ‘wasted amount’ was based on an average hourly salary of IT staff multiplied by 52 weeks a year. Other than knowing how much time is wasted, what makes things worse is that IT security staff are among the highest paid employees in most companies.

The fixes have mostly to do with individual rather than department- or company-wide computer problems that don’t necessarily benefit the entire company. The resulting amount is especially staggering for small- and medium-sized businesses (SMBs) whose limited resources are better off spent on business intelligence tools and other network security upgrades.

Other costs

All those hours spent on fixing personal computers often means neglecting security improvements. The recent WannaCry ransomware attacks, which successfully infected 300,000 computers in 150 countries, demonstrate the dangers of failing to update operating system security patches on time. It should be a routine network security task that, if ignored, can leave your business helpless in the face of a cyber attack as formidable as WannaCry. It didn’t make much money, but had it been executed better, its effects would have been more devastating to businesses, regardless of size.

Profitable projects could also be set aside because of employees’ PC issues. For SMBs with one or two IT staff, this is especially detrimental to productivity and growth. They can easily increase their IT budgets, but if employees’ negligible computer issues keep occurring and systems keep crashing, hiring extra IT personnel won’t do much good.

What businesses should do

The key takeaway in all this is: Proactive IT management eliminates the expenditure required to fix problematic computers. Bolstering your entire IT infrastructure against disruptive crashes is the first step in avoiding the wasteful use of your staff’s time and your company’s money.

Even if your small business has the resources to hire extra staff, the general shortage of cyber security skills also poses a problem. Ultimately, the solution shouldn’t always have to be increasing manpower, but rather maximizing existing resources.

Having experts proactively maintain your IT eliminates the need to solve recurring small issues and lets your staff find a better use for technology resources. If you need non-disruptive technology, call us today for advice.

Published with permission from TechAdvisory.org. Source.

Topic security
June 7th, 2017

While it’s easy to turn a blind eye against hurricane warnings and think “I already have a business continuity plan in place”, it pays to be extremely cautious, especially when the National Oceanic and Atmospheric Administration (NOAA) predicts up to four unusually active hurricanes this year. Needless to say, you simply can’t afford not to hurricane-proof your disaster recovery (DR) plan.

The NOAA forecasts 11 to 17 tropical storms in the Atlantic, the Caribbean Sea, and the Gulf of Mexico. Hurricane season has officially begun and is expected to last until the end of November. The four allegedly active hurricanes are presumed to be Category 3, 4, or 5 on the Saffir-Simpson Hurricane Wind Scale (Category 1 is the weakest and 5 the strongest).

But don’t panic just yet; here are five steps you can take to protect your business during hurricane season.

1. Schedule a DR drill

Despite having a DR plan, many companies don’t test their plan, at least not as often as they should. So if you’re one of those companies, it’s crucial to conduct a DR drill now. A lot can change in the months or years since you have last tested your plan -- systems updates, infrastructure upgrades, employee turnover and more. By scheduling a drill, you’ll be able to make sure everyone knows their roles and that all critical systems are covered.

Note that you should try to perform desktop walkthrough exercises, operational tests, and simulated recovery exercises on a regular basis.

2. Make sure your staff are prepared

All your staff should know what the evacuation procedures are as well as their responsibilities in the DR process. If not, coordinate with HR to make sure everyone in your company understands what the plan of action is for hurricane season. Staff with specific responsibilities need to get the documentation needed to effectively manage their roles in the event of a hurricane.

Set meetings with your DR team and schedule training for new team members. Your DR team should be able to quickly mobilize other employees to the DR site before bad weather hits. Don’t forget to touch base with any providers you are supposed to work with in case of an emergency, too.

3. Secure your backup site

In addition to a secondary location for data storage, your DR plan should also include another backup site so that you can continue your operations. In the event of a hurricane, dedicated space is imperative since your backup sites will likely be occupied with employees.

You should also consider the redundancy of utilities at your DR site, making sure you have enough power feed, fiber carriers, and anything else you’ll need to remain operational.

4. Check for amenities at your DR site

Whether your DR site is in the hurricane zone or in the nearest city, chances are hotels will be overbooked as people fight for a place to stay. This means your staff will likely be stuck onsite around the clock, so you need to make sure there is enough amenities to get them through this hectic period. Is there a place for employees to shower and sleep? Is there enough food and water to last them for at least a couple of days? These amenities will help your staff pull through as they restore your operations.

5. Update your DR plan’s appendix

Your DR plan should have an appendix with contact information, SLAs, and systems inventories information. More importantly, this information needs to be up-to-date; the last thing you need is calling your IT vendor when a server goes down only to reach the wrong number.

Go through all critical information in your DR plan and add any other information as needed. Vendors and shipper's contact information are a must as they will guarantee that you get hardware and power supplies backup without any hassles.

Unlike a fire drill which can be conducted on a yearly basis, your business continuity and disaster recovery plan needs to be tested regularly to meet your company’s changing needs. If you don’t already have a DR plan, or have any further questions, don’t hesitate to give us a call.

Published with permission from TechAdvisory.org. Source.

Topic business
May 31st, 2017

Mobile device management is a full-fledged subset of IT security. Employees store and view sensitive data on their smartphones, which exposes your organization to a significant amount of risk. Although there are plenty of great solutions for managing this, the National Security Agency (NSA) believes mobile virtualization is the next big thing.

US government approved

The NSA maintains a program named Commercial Solutions for Classified (CSFC) that tests and approves hardware to assist government entities that are optimizing security. For example, if a public sector network administrator is deciding which mobile devices to purchase for office staff, CSFC has information about which devices are approved for various government roles.

Offices in the intelligence community usually require virtualization hardware and software as a minimum for laptops and tablets. But until now, no smartphones that included the technology have passed the tests. However, a recently released model of the HTC A9 phone includes mobile virtualization functionality that got the green light.

What is mobile virtualization?

Virtualization is an immensely complicated field of technology, but when it comes to mobile devices the process is a little simpler. Like any mobile device management plan, the goal of mobile virtualization is to separate personal data from business data entirely. Current solutions are forced to organize and secure data that is stored in a single drive.

Essentially, current phones have one operating system, which contains a number of folders that can be locked down for business and personal access. But the underlying software running the whole phone still connects everything. So if an employee downloaded malware hidden in a mobile game, it would be possible to spread through the entire system, regardless of how secure individual folders are.

With mobile virtualization however, administrators can separate the operating system from the hardware. This would allow you to partition a phone’s storage into two drives for two operating system installations. Within the business partition, you could forbid users from downloading any apps other than those approved by your business. If employees install something malicious on their personal partition, it has no way of affecting your business data because the two virtualized operating systems have no way of interacting with each other.

Although it’s still in its infancy, the prospect of technology that can essentially combine the software from two devices onto a single smartphone’s hardware is very exciting for the security community. To start preparing your organization for the switch to mobile virtualization, call us today.

Published with permission from TechAdvisory.org. Source.

May 29th, 2017

Microsoft understands the value of your business’s data and the costly repercussions of losing it. That’s why they’ve released a slew of security and compliance tools for Office 365 subscribers. But given the increasing sophistication and frequency of data breaches, Office 365 cloud security solutions won’t be enough to protect your files. You’ll need to follow these seven security tips to truly avoid data loss in Office 365.

Take advantage of policy alerts Establishing policy notifications in Office 365’s Compliance Center can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices With the growing trend of using personal smartphones and tablets to access work email, calendar, contacts, and documents, securing mobile devices is now a critical part of protecting your organization’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access rules, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multi-factor authentication Because of the growing sophistication of today’s cyberattacks, a single password shouldn’t be the only safeguard for Office 365 accounts. To reduce account hijacking instances, you must enable Office 365 multi-factor authentication. This feature makes it more difficult for hackers to access your account since they not only have to guess user passwords but also provide a second authentication factor like a temporary SMS code.

Apply session timeouts Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to compromise sensitive data. But by applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from simply opening company workstations and accessing private information.

Avoid public calendar sharing Office 365 calendar sharing features allows employees to share and sync their schedules with their colleagues. However, publicly sharing this schedule is a bad idea. Enabling public calendar sharing helps attackers understand how your company works, determine who’s away, and identify your most vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash a slew of malware attacks to corrupt your data before your business can respond.

Employ role-based access controls Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimizing data leaks.

Encrypt emails Encrypting classified information is your last line of defense to secure your data. Should hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate flexibly, you must be aware of the potential data security risks at all times. When you work with us, we will make sure your business keeps up with ever-changing data security and compliance obligations. And if you need help securing your Office 365, we can help with that too! Simply contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Office
May 25th, 2017

WannaCry is one of the few malware campaigns to become a household name. It’s educated countless people on the reality of ransomware and the vulnerability of their data. If you’re still worried about whether you’re at risk, we’ve collected everything you need to know right here.

Ransomware review

Ransomware is a specific type of malware program that either encrypts or steals valuable data and threatens to erase it or release it publicly unless a ransom is paid. We’ve been writing about this terrifying threat for years, but the true genesis of ransomware dates all the way back to 1989.

This form of digital extortion has enjoyed peaks and troughs in popularity since then, but never has it been as dangerous as it is now. In 2015, the FBI reported a huge spike in the popularity of ransomware, and healthcare providers became common targets because of the private and time-sensitive nature of their hosted data.

The trend got even worse, and by the end of 2016 ransomware had become a $1 billion-a-year industry.

The WannaCry ransomware

Although the vast majority of ransomware programs rely on convincing users to click compromised links in emails, the WannaCry version seems to have spread via more technical security gaps. It’s still too early to be sure, but the security experts at Malwarebytes Labs believe that the reports of WannaCry being transmitted through phishing emails is simply a matter of confusion. Thousands of other ransomware versions are spread through spam email every day and distinguishing them can be difficult.

By combining a Windows vulnerability recently leaked from the National Security Agency’s cyber arsenal and some simple programming to hunt down servers that interact with public networks, WannaCry spread itself further than any malware campaign has in the last 15 years.

Despite infecting more than 200,000 computers in at least 150 countries, the cyberattackers have only made a fraction of what you would expect. Victims must pay the ransom in Bitcoins, a totally untraceable currency traded online. Inherent to the Bitcoin platform is a public ledger, meaning anyone can see that WannaCry’s coffers have collected a measly 1% of its victims payments.

How to protect yourself for what comes next

Part of the reason this ransomware failed to scare users into paying up is because it was so poorly made. Within a day of its release, the self-propagating portion of its programming was brought to a halt by an individual unsure of why it included a 42-character URL that led to an unregistered domain. Once he registered the web address for himself, WannaCry stopped spreading.

Unfortunately, that doesn’t help the thousands that were already infected. And it definitely doesn’t give you an excuse to ignore what cybersecurity experts are saying, “This is only the beginning.” WannaCry was so poorly written, it’s amazing it made it as far as it did. And considering it would’ve made hundreds of millions of dollars if it was created by more capable programmers, your organization needs to prepare for the next global cyberattack.

Every single day it should be your goal to complete the following:

  • Thorough reviews of reports from basic perimeter security solutions. Antivirus software, hardware firewalls, and intrusion prevention systems log hundreds of amateur attempts on your network security every day; critical vulnerabilities can be gleaned from these documents.
  • Check for updates and security patches for every single piece of software in your office, from accounting apps to operating systems. Computers with the latest updates from Microsoft were totally safe from WannaCry, which should be motivation to never again click “Remind me later.”
  • Social engineering and phishing may not have been factors this time around, but training employees to recognize suspicious links is a surefire strategy for avoiding the thousands of other malware strains that threaten your business.
Revisiting these strategies every single day may seem a bit much, but we’ve been in the industry long enough to know that it takes only one mistake to bring your operations to a halt. For daily monitoring and support, plus industry-leading cybersecurity advice, call us today.
Published with permission from TechAdvisory.org. Source.

Topic security