Online accounts are consistently compromised for many reasons. Another organization may have been breached and your login credentials stolen, an email may have asked you to log in to a site that you thought was legitimate but wasn’t, or some other method may have been used. Ultimately, your username and password are in the hands of someone else. So, with our online accounts getting “hacked” all the time, how do we combat this?
Two Factor or Multi Factor Authentication has been implemented by many free and paid services to protect their users, but what exactly is it? With it, after you enter your typical username and password, the service requires an additional code or answer. This may include a code via text message, a code via an app on a mobile device, or even an answer to a secret question.
Unfortunately, answers to questions like first pet name, mother’s maiden name, or favorite teacher are easily found by scammers. How, you may ask? By people giving it to them! We’ve seen that some of the surveys people fill out on social media, to see what superhero or spirit animal they are, include some of these personal questions.
To remove the human vulnerability, technology has turned away from personal questions to biometrics and possession factors as a solution. Biometrics means using your fingerprints or face to unlock your phone, gain access to a secure room, or even log you in. The other method is a possession factor, like a text message to your cell phone or a code from an app on your mobile device. These solutions remove the need to remember an answer and randomize the access code every single time.
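How an app on your phone and the service can agree on a code that changes every time, as an added example that is not part of the original article: it implements TOTP (RFC 6238), the scheme most authenticator apps use, which the article does not name. The secret is the published RFC test value and the function names are chosen for this sketch.

```python
import hashlib
import hmac
import struct
from typing import Optional

STEP_SECONDS = 30                            # a new code every 30 seconds (RFC 6238 default)
DIGITS = 6
RFC_TEST_SECRET = b"12345678901234567890"    # public test secret from the RFCs, not a real key


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """One-time code for a shared secret and a counter (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                  # dynamic truncation: low nibble picks 4 bytes
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float) -> str:
    """What the phone app displays: the counter is the current 30-second time step."""
    return hotp(secret, int(at) // STEP_SECONDS)


def verify(secret: bytes, submitted: str, at: float,
           last_step: int = -1, drift_steps: int = 1) -> Optional[int]:
    """Service side. Returns the matched time step, or None if the code is rejected.

    One step of clock drift either way is tolerated. Steps at or before
    last_step (the step of the previous successful login) are refused, so a
    code that was observed once cannot be replayed.
    """
    current = int(at) // STEP_SECONDS
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_step:
            continue
        if hmac.compare_digest(hotp(secret, step).encode(), submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    now = 59                                 # constructed timestamp (RFC 6238 test time)
    code = totp(RFC_TEST_SECRET, now)
    print("code shown in app:", code)
    step = verify(RFC_TEST_SECRET, code, now)
    print("first use accepted at step:", step)
    print("replay of same code:", verify(RFC_TEST_SECRET, code, now, last_step=step))
    print("same code two minutes later:", verify(RFC_TEST_SECRET, code, now + 120))
```

A stolen username and password alone do not pass `verify`; the secret never leaves the phone and the service, and only the short-lived code crosses the network.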
So, will this 100% guarantee that you will no longer be hacked? While we cannot say that with certainty, you will not be the low hanging fruit compared to other users that may have been compromised. This extra layer of security is a great deterrent and will thwart many scammers by making it more difficult for them to gain access to your account.
See our videos on YouTube that show how easy it is to use Two Factor Authentication with Office 365.
Text Message 2FA
Mobile App 2FA
Hardware fails for many reasons from lightning to old age. So, what can we do when the inevitable happens? Do we pay the employees during the downtime or close temporarily? Do we have the budget to buy two of everything? How long is this going to take!?
Woosah! There are solutions you can put in place now to keep you running.
Technology today allows you to run entirely in the cloud from anywhere regardless of device, but for some this may not be a solution. In Part 1 we mentioned a company that stored working data on a server which failed and crippled their business. After the server was repaired, we were asked to come up with a solution so they would not experience that downtime again.
For this company a cloud solution wasn’t an option since their company files are large drawings of buildings and other structures. Working on those files in a hybrid environment (onsite and cloud) wouldn’t have provided the best experience due to file size, and internet bandwidth consumption. Additionally, the customer requested an on-premise solution since the internet can sometimes be unavailable.
For this task we decided to create a Hyper-V Replica setup between two servers onsite. In the event of a failure on the primary server, a fail-over of the production workloads to the Replica secondary server would occur. While options are available regarding frequency of replication, it was decided to set replication for every 5 minutes to minimize the amount of work lost in the event of another failure.
To sweeten the deal, we were able to re-purpose a server that was being replaced with a cloud solution. We replaced all the hard drives and updated the operating system since the rest of the hardware was not outdated. This allowed us to create a solution that was 35% less expensive than the next comparable solution.
For this customer, having hardware redundancy is a must since the company relies so much on the local server. A hybrid cloud solution wouldn’t provide the best experience due to bandwidth and file size. Lastly, an entirely hosted environment wasn’t within budget. While multiple solutions exist to keep your company running smoothly through a hardware failure, finding the best fit is the challenge.
Contact us today for help finding a solution that meets your technology needs.
As much as we prepare for the worst, complete failures do happen. We pay extra for extended warranties, purchase surge protectors, and various other solutions to protect our equipment and business. So, what happens when, even after all the preparation, things still go wrong?
At the end of last year, a client’s “Name Brand” server that was still under warranty and less than 3 years old failed. The support contract that was purchased was for 8am to 5pm support with contact the next business day. For us, the issue presented itself on a Friday, and we immediately reported it to the manufacturer to get the repair process rolling for Monday. Fast forward to Wednesday, and we are finally up and running.
“Three business days? What happened? Why did it take so long?”
These server warranty support contracts are best effort which means that if there is a backlog of issues in the area, the manufacturer may not have a technician available for your warranty issue in the time frame you expected. Consider other hardware component warranties like a hard drive or a motherboard that offer a 3-year warranty. Some of these manufacturers require the faulty part be sent in first before they will replace it.
This downtime hurts businesses. For our customer, the server stored the company’s entire working data, so all employee productivity was halted for 3 full business days. While nothing was lost, nothing could be worked on or completed. Can you imagine your company down for 3 business days because of a hardware failure and inaccessible data? How do you prepare for hardware failure regardless of warranty?
Part 2 will include options available to better prepare the company when hardware fails.
Everyone likes free. From free products to free services, free is good, but not always for a business. Businesses try to keep costs down any way possible, but cutting corners may affect the business and its appearance. This is where free email comes into play, and for a business, free email is bad.
While appearance isn't everything, sometimes it is merely a requirement. For a business, some lenders require a dedicated business email address to obtain credit. If a lender doesn't feel comfortable loaning money to a free email address, how would a consumer feel paying for services rendered? Imagine receiving a quote to replace your home's air conditioning units from firstname.lastname@example.org instead of email@example.com. This email address may raise the questions: "Is this a legitimate business? Do they have insurance if something goes wrong?"
No one likes to lose business or not reach their intended contact, but with free email that risk is higher. Some businesses deal strictly business to business and have no retail customers. Because of this, they may decide to block yahoo.com, gmail.com, hotmail.com, etc. addresses to keep spam and malicious emails from passing through. While most email providers have some sort of email filter, there are no filters yet available that provide 100% spam protection with a 0% false positive rate.
Free email platforms are so popular that hackers spend a lot of time trying to hack into these accounts*. If one decides to store business contacts on an account that is hacked, spammers can send out malicious messages to prospects and existing clients. If any of the above happens, who can be contacted to help? Who can help reset the account's password? Free email services do not offer any type of customer support where you can call in or email for assistance.
Having a domain and an email isn't costly either. A business may purchase a domain sometimes for less than $20 a year. Add an Office 365 Email only license for around $5 a month, and a business can spend less than $100 a year for a domain and email. Many businesses spend more on their business cards! With a proper email address, the business looks professional and shows it is a "real" company with a dedicated communications system.
*Sept 9, 2014 - 5 million Gmail addresses and passwords leaked
*Jul 11, 2012 - 450k Yahoo addresses and passwords leaked
Since people are creatures of habit, we often use the same usernames and reuse passwords from account to account. We do this so we can remember them, but herein lies the problem with security. Common, easy, and even personal passwords are used far too often and can be compromised easily.
Common passwords such as Password1 should never be used, as they are the first ones a hacker tries. Hackers have tools that let them test many passwords very quickly, which is called a brute force attack. After the list of common known passwords has been tried, the next phase of their infiltration attempts begins.
Easy passwords are ones that are short, are complete words, or have no special characters. Hackers are aware that people simply change letters from lower case to upper case to protect their passwords, and have programs that will try these variations. They are even aware that with complete words people will change letters into common special characters like @ for A and $ for S. This tactic is considered a dictionary attack, where the program takes words and tries the different variations of upper and lower case with special characters (P@$$word1).
Personal passwords are also not recommended since there is so much personal data available online. Previous living locations can be found through county offices, family members may be found through social media, and that online quiz you just finished to see what super hero you are now has your first pet’s name.
So what do we recommend for a password? We recommend passwords longer than 12 characters that are not words, enabling another layer of authentication after providing your credentials, or trying a password management service. Longer passwords add more variables than a password with the minimum of 8 characters, making them more difficult to crack. An additional authentication method after your login credentials, like entering a code that is texted to you, is also recommended. This ensures that even if your password is compromised, an additional security layer must be passed. Lastly, consider a password manager. These services create random passwords for you and provide you a secure location to store and retrieve them. Always remember that even these password management services require a strong password, so make it a good one!
One tactic that we can recommend for creating a memorable password is to make a password out of a sentence or phrase that is personal to you. See below:
My Cox Cable Log In For 2018 = Mcclinf2018! (utilized the first letter of each word, the year, and a special character)
Don’t forget the eggnog for Christmas = Dofothegfoch!09 (utilized the first 2 letters of each word, special character for importance, plus the numbers of the year when you forgot to bring the eggnog)
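The advice above can be enforced when a password is chosen. The following added example (not part of the original article) undoes the case changes and symbol swaps described earlier before checking a word list, and applies the "longer than 12 characters" rule; the word list, the substitution table beyond @ and $, and the function names are assumptions made for the sketch.

```python
import math
import re

# Constructed sample; a real check would load a large list of known-breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "summer"}

# Undo symbol-for-letter swaps: "@ for A and $ for S" from the article, plus
# other widely used ones (assumption: illustrative table, not exhaustive).
UNLEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                        "0": "o", "3": "e", "1": "l", "!": "i", "7": "t"})

MIN_LENGTH = 13        # the article recommends "longer than 12 characters"
PRINTABLE_ASCII = 95   # letters, digits, symbols and space


def base_words(password: str) -> set[str]:
    """Plain words the password reduces to once case changes, symbol swaps
    and a trailing run of digits/symbols are undone."""
    lowered = password.lower()
    trimmed = re.sub(r"[\d\W_]+$", "", lowered)      # "p@$$word1" -> "p@$$word"
    return {lowered.translate(UNLEET), trimmed.translate(UNLEET)}


def random_search_space_bits(length: int, alphabet: int = PRINTABLE_ASCII) -> float:
    """Brute-force work in bits for this length, valid only if every
    character was picked at random (not for words with swapped letters)."""
    return length * math.log2(alphabet)


def screen(password: str) -> list[str]:
    """Reasons to reject a password; an empty list means it is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    hits = base_words(password) & COMMON_WORDS
    if hits:
        problems.append(f"variation of common word '{sorted(hits)[0]}'")
    return problems


if __name__ == "__main__":
    for candidate in ["Password1", "P@$$word1", "W3lc0me2024!!", "Dofothegfoch!09"]:
        print(f"{candidate!r}: {screen(candidate) or 'ok'}")
    print(f"8 random characters:  {random_search_space_bits(8):.1f} bits")
    print(f"13 random characters: {random_search_space_bits(13):.1f} bits")
```

The third sample is 13 characters long and still rejected, which is why length and the word check are applied together.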
The idea behind a layered security model is to protect systems from a broad range of attacks by using multiple strategies to be more effective. This model attempts to address problems with different kinds of hacking or phishing, denial of service attacks and other cyberattacks, as well as worms, viruses, malware and other kinds of more passive or indirect system invasions. While one layer may not have protected the user/network, there are several additional layers to pass through before a problem arises. We promote layered security in the following manner: Human, physical, network, endpoint, and data.
In a work environment we are trained to be trusting and helpful. For this reason, hackers will try to trick employees into doing something that will compromise their personal or employer’s security. User education helps the human layer by teaching employees how to identify scams, spot suspicious email, and prevent social engineering tactics, and by providing insight into how these attacks are delivered.
Physical security prevents unauthorized access to vital network components. Keyed locks, key fobs, or biometrics can be used to prevent outsiders from accessing your company’s hardware. When a malicious person has physical access to the network, they can do whatever they like from wiping data, to injecting a key logger to capture your passwords while they are entered.
Network security starts with your firewall. Besides properly configuring the device during deployment (updating default credentials), commercial next generation firewalls can enable additional services to protect your network, such as intrusion prevention, antivirus, web content filtering, and anomaly detection. These systems can locate and block any suspicious inbound and outbound activity on your network, detect users running applications that violate company policy, and even block known attacks based on their signature and/or behavior.
Endpoint security is becoming more complicated since employee owned devices are being used more for work today. Fortunately, technology now allows greater control of company data. While all computers still need the basics like antivirus, web content filtering, and updates applied, additional measures can be taken such as hard drive encryption, application control, and data backups to safeguard the machine. Additionally, mobile devices can be remotely wiped when the device has been lost to safeguard company resources.
Our final layer is data security, which includes user identification and access control. Since usernames and passwords are constantly compromised, additional security measures must be taken to prove the user’s identity. Strategies like multi-factor authentication require not only the username and password but also an additional form of verification like a text message code. Employee access can and should also be considered, as internal threats like a disgruntled employee are also a possibility. Without considering data access control, everyone in the company could have the ability to look at human resource or business financial information.
If you need additional layers implemented or just an evaluation to see how many layers of protection you have, please contact us for a free evaluation.
Office 365 is an umbrella name for the cloud services Microsoft provides. This includes Microsoft Exchange (Email), OneDrive (Cloud Storage), SharePoint (Cloud Collaboration), Office Suite (productivity software i.e. Word, Excel, Outlook), to name a few. Office 365 licenses can be purchased for multiple services bundled together, or independently such as software only or email only. The great part is that this service is also not limited just to businesses, so anyone can use the service.
Once the service has been set up, using the service is as simple as navigating to a web page just like your personal account at Google or Apple. When you log in, you’ll be able to see and use the services you’re subscribed to in the web browser. If you are using the Office suite, you can connect your programs to the service like Outlook or OneDrive if you prefer.
Office 365 is changing the traditional model of purchasing servers, plus licenses, and maintaining these machines. With servers starting around $14,000 for hardware and licensing, plus deployment costs, monthly power consumption, and maintenance, to receive a return on your investment would take quite some time. Since Office 365 is purchased as a subscription, you have lower upfront costs and the service can easily scale as you grow. Adding a new employee to the team is easy: you already have your fixed cost and can source a new license in minutes. On the other end, you can cancel at any time or remove users at any moment.
With Office 365 you can ensure your data will be available and secure as well. The service offers two factor authentication, multiple ways to recover data, and meets many national industry regulations for cloud computing. For these reasons and many others not mentioned, Viral-Technology highly recommends Office 365 to all our clients.
One of the first things to do after starting a new business is to purchase a domain name (business.com, business.net) from a domain provider such as GoDaddy. At this time these providers will take the opportunity to up-sell additional services like website hosting, email, etc. Below we will explain why we do not recommend GoDaddy’s Office 365 bundle no matter what the savings may be.
GoDaddy provides a version of Office 365 to its customers that integrates with their portal. While this is nice for a few things, it’s bad for everything else. Due to this integration, key security features like two factor authentication cannot be enabled since it does not integrate with GoDaddy’s portal. Two factor authentication adds a text, email, or some other form of additional verification during log in. So even if your username and password are compromised, the additional code that is texted to you is required before gaining access.
GoDaddy’s Office 365 service will also charge you extra for features that are included in the traditional Office 365 service. In a normal Office 365 setup, messages addressed to Bob@domain.COM and Bob@domain.NET would reach the same user/inbox and Bob is considered as 1 billable user on both domains. With GoDaddy’s service, Bob@domain.COM will be configured and billed separately from Bob@domain.NET, increasing your total monthly cost.
Another reason is service limitation. Subscribing to GoDaddy’s Office 365 service prevents you from entering the full featured administrator areas that are available in the traditional service. Making changes to your SharePoint site is not allowed, and help documentation is almost non-existent since the articles all reference the non-GoDaddy version. Other administrator areas are limited as well, like the Business Center Apps. This brings up the question: Is it worth the savings?
With the possibility of increasing costs as the business grows, the lack of security features, and limited abilities, we encourage any new or existing business that is considering Office 365 to contact us to discuss a full featured offering of the service to ensure you receive the best experience possible.
Email has been around for some time and has helped all users in many ways, but not all email is the same. Many businesses are familiar with MAPI (Exchange), but there are other variants of email such as POP and IMAP. While all systems send/receive email, POP and IMAP have many limitations versus a MAPI connection.
The first version of POP mail was developed in 1984, updated to POP2 in 1985, and the most recent version POP3 in 1988. The reason POP mail was created was because computers at the time had slow internet connections. The idea was to offer a simple way to download the message for offline viewing because of the connection speed. When you read your emails using a POP connection, it creates a local copy of the message on the computer and deletes the original message from the server. At this point the email(s) are isolated to that one computer/machine and cannot be accessed anywhere else. Additionally, POP email checks the server for new email in polling intervals (15 minutes, 30 minutes, etc.). These limitations prompted a new email connection to be created.
IMAP was created in 1986 with the major difference being that users could now view their messages from multiple devices. This was accomplished by leaving the messages on the email server until the user deleted the message(s). One major problem with this connection type was mailbox storage size: when the limit was reached, the system prevented the user from sending/receiving new messages. At this point the user had to archive mail or POP the mail off the server down to their local machine to free up some space on the server. POP and IMAP both share the polling intervals to check for new email, thus creating the possibility of delaying a time sensitive email since it is dependent on the recipient's email polling interval.
Shortly after the development of POP and IMAP, Microsoft created MAPI (Exchange). This connection type allowed IMAP-like connections not only for email but also for contacts, calendar events, tasks, and more. These additional features increased employee productivity in many ways. Calendar events reminded the user not only on their desktop, but also on a mobile device when configured. Sharing a calendar between users provided the ability for a receptionist to schedule appointments for an individual based on their availability. When entered into the system, a company's/user’s contacts (i.e. vendors, clients, etc.) information would be available to the user on any device. Email delivery and other notifications are pushed using a MAPI connection. Push allowed new data on the server to be immediately pushed out to the user without delay.
The evolution of email has provided users more abilities than just sending/receiving emails. POP and IMAP connections are still popular today and are used with many free email services such as Yahoo.com and Gmail.com, and are even bundled in by some website providers when you purchase your domain. However, for most businesses the added features that an Exchange mailbox provides through a MAPI connection are a requirement to keep their business efficient and productive.
Viral-Technology recommends and offers an Exchange MAPI connection to all of our customers. With affordable options that are usually less than one user's business card costs for a year, even small organizations can utilize these services with technology from today. Contact us to discuss your options.